Following Security Researchers Online
Academic Venues
graph TD
    subgraph "Academic Publishing Pipeline"
        A["Researcher writes paper"] --> B["Submit to conference/journal"]
        B --> C["Peer review<br/>2-6 months"]
        C --> D{"Accepted?"}
        D -->|Yes| E["Published in proceedings"]
        D -->|No| F["Revise and resubmit"]
        F --> B
        E --> G["Preprint on arXiv/ePrint"]
        A --> G
    end
    subgraph "Where to Find Papers"
        G --> H["arxiv.org<br/>Free, immediate"]
        E --> I["IEEE Xplore<br/>Free with account for standards"]
        E --> J["USENIX.org<br/>Free after conference"]
        E --> K["ACM Digital Library<br/>Some paywalled"]
        E --> L["IACR ePrint<br/>Free cryptography papers"]
    end
    subgraph "Key Conferences"
        M["USENIX Security"]
        N["IEEE S&P (Oakland)"]
        O["ACM CCS"]
        P["NDSS"]
        Q["CRYPTO / EUROCRYPT"]
    end
How security research gets published and where to find it for free
Security research follows the academic publishing cycle. Researchers write papers, submit them to peer-reviewed conferences, and present them if accepted. The major security conferences are USENIX Security, IEEE Symposium on Security and Privacy (Oakland), ACM Conference on Computer and Communications Security (CCS), and the Network and Distributed System Security Symposium (NDSS).
arXiv (arxiv.org): A preprint server where researchers post papers before or during peer review. The cs.CR (Cryptography and Security) section is the one to watch. Papers appear here weeks or months before the official conference publication. It is free, no account required, and you can subscribe to email alerts for specific categories.
USENIX (usenix.org): Publishes all accepted papers for free on their website after the conference. USENIX Security is one of the top four security venues. Their open-access policy means you never need to pay for a USENIX paper.
IEEE Xplore (ieeexplore.ieee.org): Hosts proceedings from IEEE conferences, including the S&P symposium. Some papers are paywalled, but many are also posted on the authors' personal pages or on arXiv. Always check arXiv first before paying for a paper.
IACR ePrint (eprint.iacr.org): The International Association for Cryptologic Research's preprint archive. If you are interested in cryptographic research - new attacks on encryption schemes, formal proofs of security protocols - this is the primary source. All papers are free.
Conference Archives
Conference talks are often more accessible than papers. The speaker has 20-30 minutes to present the key ideas, usually with demonstrations.
DEF CON: Publishes nearly all talks on their YouTube channel (youtube.com/@DEFCONConference) and on media.defcon.org. The Wireless Village talks are particularly relevant for anyone working with WiFi and BLE tools. Talk recordings go back over a decade.
Black Hat: Posts briefings on YouTube (youtube.com/@BlackHatOfficialYT). Black Hat talks tend to be more polished and vendor-oriented than DEF CON, but the technical content is solid. The Arsenal demos, where tool authors demonstrate their projects, are also worth watching.
CCC (Chaos Communication Congress): The annual hacker conference in Germany publishes talks on media.ccc.de. Presentations are in both English and German, and the technical depth is consistently high. Their talks on radio security and hardware hacking are excellent.
ShmooCon, TROOPERS, BSides: Smaller conferences that often publish talks on YouTube. BSides events happen in dozens of cities worldwide and frequently feature local researchers presenting original work that has not been submitted to major conferences yet.
Researcher Blogs and Project Pages
graph TD
    subgraph "Vulnerability Research Labs"
        A["Google Project Zero<br/>googleprojectzero.blogspot.com"] --> A1["Browser, OS, hardware vulns<br/>Detailed root cause analysis"]
        B["Trail of Bits<br/>blog.trailofbits.com"] --> B1["Tools, protocol analysis<br/>Formal verification"]
        C["NCC Group<br/>research.nccgroup.com"] --> C1["Broad security research<br/>Hardware and embedded"]
    end
    subgraph "Wireless-Specific Researchers"
        D["Mathy Vanhoef<br/>mathyvanhoef.com"] --> D1["KRACK, Dragonblood, FragAttacks<br/>WiFi protocol vulnerabilities"]
        E["Samy Kamkar<br/>samy.pl"] --> E1["Hardware hacking, RF<br/>Creative attack demos"]
    end
    subgraph "Aggregators"
        F["The Daily Swig<br/>portswigger.net/daily-swig"]
        G["Risky Business<br/>risky.biz (podcast)"]
        H["tl;dr sec<br/>tldrsec.com (newsletter)"]
    end
Key research blogs and aggregators for staying current with security research
Google Project Zero (googleprojectzero.blogspot.com): Arguably the most technically detailed vulnerability research blog in existence. When Project Zero publishes, the post typically includes full root cause analysis, exploitation details, and timeline of disclosure. Their work on browser engines, operating system kernels, and hardware vulnerabilities is consistently outstanding.
Trail of Bits (blog.trailofbits.com): A security research and consulting firm that publishes detailed technical blog posts about their work. Their posts on protocol analysis, cryptographic implementations, and tool development are particularly good. They also maintain several open-source security tools.
Mathy Vanhoef (mathyvanhoef.com): The researcher behind KRACK (Key Reinstallation Attacks against WPA2), Dragonblood (attacks against WPA3-SAE), and FragAttacks (fragmentation and aggregation attacks against WiFi). His papers are the most directly relevant publications for anyone working with WiFi security tools. He publishes papers, proof-of-concept code, and clear explanations of each vulnerability.
NCC Group Research (research.nccgroup.com): Publishes across a wide range of topics including hardware security, embedded systems, and wireless protocols. Their technical advisories often include enough detail to understand and reproduce the findings.
Samy Kamkar (samy.pl): Known for creative hardware and RF hacking projects. His work on garage door openers, automotive key fobs, and other RF systems is both educational and entertaining. His projects often demonstrate practical RF attacks using inexpensive hardware.
Mailing Lists and CVE Feeds
oss-security mailing list: A public mailing list (oss-security@lists.openwall.com) where Linux and open-source vulnerabilities get disclosed and discussed. When a vulnerability affects hostapd (the open-source WiFi access point daemon) or wpa_supplicant (the WiFi client used in Linux and Android), it appears here first. Archives are searchable at openwall.com/lists/oss-security.
Full Disclosure (seclists.org/fulldisclosure): One of the oldest security mailing lists. Less active than it once was, but still receives original vulnerability disclosures that do not appear elsewhere.
CVE feeds: The MITRE CVE database (cve.org) and the National Vulnerability Database (nvd.nist.gov) provide structured data about disclosed vulnerabilities. You can search for CVEs related to specific products (like "wpa_supplicant" or "hostapd") to find known WiFi vulnerabilities. NVD provides CVSS scores and references to patches and advisories.
GitHub Advisory Database: GitHub maintains a searchable database of security advisories (github.com/advisories) that includes vulnerabilities in open-source projects. Useful for tracking issues in tools you use.
Social Media Worth Following
Twitter/X: Despite its changes, Twitter/X remains where many security researchers post real-time updates, share paper links, and discuss vulnerabilities. Some accounts worth following: @halaboratory (Mathy Vanhoef's research group), @tavaborern (WiFi security), @ProjectZeroBugs (Project Zero disclosures), @traborailofbits (Trail of Bits).
Mastodon (infosec.exchange): A growing alternative where security researchers have migrated. The infosec.exchange instance is specifically for security professionals. The signal-to-noise ratio is currently better than Twitter for technical content.
Reddit: The r/netsec subreddit is heavily moderated and focuses on original security research and tools. Posts that are just news articles or product announcements get removed. r/ReverseEngineering is similarly well-moderated for that topic. Both are good sources for paper links and tool announcements.
Hacker News (news.ycombinator.com): Not security-specific, but major security research consistently appears on the front page with substantive technical discussion in the comments. The community skews toward software engineering, so the comments often provide practical perspectives on vulnerabilities.
Building Your Feed
The problem is not finding sources - it is filtering them. Here is a practical approach to building a manageable research feed:
RSS is not dead. Many of the sources listed above provide RSS feeds. Use a feed reader (Feedly, Miniflux, or NewsBlur) and subscribe to the blogs and arXiv categories that matter to you. RSS lets you scan headlines without algorithm-driven distraction.
Newsletters do the filtering for you. tl;dr sec (tldrsec.com) is a weekly newsletter that curates security blog posts, papers, and tools. It is one of the most efficient ways to stay current without checking dozens of sources individually.
Set up keyword alerts. Google Alerts for terms like "WPA3 vulnerability," "802.11 attack," or "BLE security" will surface relevant news articles and blog posts. The signal-to-noise ratio varies, but it catches things you might miss.
Follow researchers, not publications. Individual researchers tend to produce consistently relevant work in their area. If you find a paper you like, check the authors' other publications. Most researchers maintain a personal page with a full publication list.
Attend or watch one conference per year. Pick one conference - DEF CON Wireless Village is a good starting point for WiFi and RF security - and watch all the talks from that year. This gives you a concentrated overview of current research directions in a specific area.
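One way to combine the RSS and keyword-alert tips above is to run your own keyword filter over the feeds you subscribe to. This is an added example, not code from the original article; the feed contents and example.org URLs are constructed, and parse_feed and matches are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET
# Alert terms from the text above; matched as whole tokens, case-insensitively.
KEYWORDS = ["WPA3", "802.11", "BLE", "wpa_supplicant", "hostapd"]
ATOM = "{http://www.w3.org/2005/Atom}"
# Constructed sample feeds (not real entries): one RSS 2.0, one Atom.
SAMPLE_RSS = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed blog</title>
<item><title>Downgrade paths in WPA3 transition mode</title>
<link>https://example.org/wpa3</link><description>SAE notes</description></item>
<item><title>Kernel heap grooming</title>
<link>https://example.org/heap</link><description>A reusable technique</description></item>
</channel></rss>"""
SAMPLE_ATOM = b"""<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>constructed preprints</title>
<entry><title>Fuzzing BLE pairing state machines</title>
<link href="https://example.org/ble"/><summary>Stateful fuzzing</summary></entry>
<entry><title>Scalable proofs</title>
<link href="https://example.org/zk"/><summary>Succinct arguments</summary></entry>
</feed>"""

def parse_feed(data):
    """Return (title, link, text) tuples from an RSS 2.0 or Atom document."""
    # Feeds are untrusted input and never need a DTD, so refuse entity tricks.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("feed contains a DTD; refusing to parse")
    root = ET.fromstring(data)
    items = [(i.findtext("title", ""), i.findtext("link", ""),
              i.findtext("description", "")) for i in root.iter("item")]
    for e in root.iter(ATOM + "entry"):
        link = e.find(ATOM + "link")
        href = link.get("href", "") if link is not None else ""
        items.append((e.findtext(ATOM + "title", ""), href,
                      e.findtext(ATOM + "summary", "")))
    return items

def matches(items, keywords=KEYWORDS):
    """Return (title, link, hits) for items that mention any keyword."""
    pats = {k: re.compile(rf"(?<!\w){re.escape(k)}(?!\w)", re.I) for k in keywords}
    found = []
    for title, link, text in items:
        hits = [k for k, p in pats.items() if p.search(f"{title} {text}")]
        if hits:
            found.append((title, link, hits))
    return found

if __name__ == "__main__":
    for title, link, hits in matches(parse_feed(SAMPLE_RSS) + parse_feed(SAMPLE_ATOM)):
        print(f"{','.join(hits)}: {title} <{link}>")
```

Whole-token matching is what keeps "reusable" from triggering the BLE alert and "802x11" from triggering the 802.11 one.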
The goal is not to read everything. The goal is to notice when something directly relevant to your work gets published, and to have the background knowledge to understand it when it does.
The BLEShark Nano is a practical tool for exploring the wireless protocols these researchers study. Understanding the research helps you understand what your tools are doing and why.