Since this year was filled to the brim with work for my Master (thesis) at TalTech this list is a bit sparse, but luckily my schedule still allowed time for some interesting discoveries.

Julia Evans
Julia Evans' blog posts and zines are extremely creative and don’t shy away from technical depth. The thing that makes her content so interesting to me are the combination of her undeniable, practical skills and a willingness to work-out new subjects in public. This humble approach makes difficult topics more approachable for other newcomers.

A recommendation would be her posts on eBPF which I was excited to find out she had written about. This technology is for example used in DDoS prevention solutions, hot security patching and new linux-based monitoring solutions like Sysmon for Linux. See also:

• How to filter packets super fast: XDP & eBPF!
• Notes on BPF & eBPF

Black Hill Information Security
BHIS is a pentesting company with a great community mindset, publishing talks and podcasts on all sorts of topics, organizing conferences and workshops. They also offer affordable, but what seems to be high-quality trainings, some of which I’d like to tryout for myself this coming year.

One particularly interesting talk to check out by one of their researcher (Joff Thyer) on advanced defensive solution evasion techniques can be seen below.

OTRF - Open Threat Research Forge
OTRF aims to establish a community to create and develop datasets and tools to advance security research. One project jumped out as being particularly interesting and is also relevant for my upcoming thesis work, namely Mordor (a.k.a Securty Datasets). Known attacks using adversary emulation frameworks like Caldera or Atomic Red Team are ‘recorded’ and forensic artifacts are shared so people can develop or improve detections. See also the below presentation by Roberto Rodriguez at Red Canary.