Reading

Here lie my favorite places on the Internet to read about malware analysis and reverse engineering. I'm storing them here as I got tired of losing bookmarks every time I reimaged my laptop.

We have two ears and one mouth so that we can listen twice as much as we speak - Epictetus

I believe the statement above, from the Greek philosopher Epictetus, also applies to reading. In order to write blogs, research and presentations, we must read not only twice as much as we write, but orders of magnitude more than we write.

Vendors

  • Unit 42 - Good threat research. Not super technical and they don't post that often.
  • The DFIR Report - Great for detection engineers and SOC analysts. Breaks down real techniques used by attackers during real intrusions.
  • Check Point Research - Really good research. Very underrated. From campaign tracking to in-depth technical analysis.
  • SentinelOne Labs - Alright. Most of their blogs are too in the weeds and they don't post too often.
  • Huntress Blog - These people are awesome! They've hired a ton of high-speed analysts, including Russian Panda, Jai Minton and John Hammond (and more), to write blogs detailing the most up-to-date threat actor techniques used in real campaigns.
  • Red Canary - Great researchers and intel teams. My favorite content they post is an Intelligence Insights blog every month with the latest malware trends and techniques.
  • Cisco Talos - Good content. Most of the time higher-level but occasionally post a really good technical blog.
  • Group-IB - Covering threat campaigns.
  • Elastic Labs - Detection engineering, malware, and ML using Elastic blogs.
  • Sekoia Blog - Great malware analysis.

Independent Researchers

  • Embee Research - Cyberchef tricks, tracking C2 infra, malware analysis
  • L0psec - macOS malware reverser. Best for Mac and constantly uploads.
  • RussianPanda - Malware analysis. She mainly writes for Huntress now, but still has good older content.
  • Elma - Very low-level RE. Has posts on Flare-On and CTF challenges. Actively posting.
  • dr4k0nia - Malware analysis. Great resource for .NET reversing. Hasn't posted since 2023.
  • MalwareMustDie - Low-level reversing. Last post was 2024.
  • Olivia Gallucci - macOS-focused malware and technique analysis.
  • clearbluejar - Creator of ghidriff. Heavy focus on using Ghidra and LLM/MCPs.
  • Jai Minton - Great malware analysis videos for beginners.
  • MalwareAnalysisForHedgehogs - One of the best for reversing.
  • Zack Allen - DetectionEngineeringWeekly - Great practical and strategic material for detection engineers.

I'll probably try to organise it better in the future and create a way to import these straight into my bookmarks. But for now they'll be here in case I need them away from my laptop, or for anyone who's interested!