2026-07-07 bad.download The personal site of bad.download, a tech-industry professional who writes about cybersecurity, privacy, digital preservation, and generative AI models. Minimal but thoughtful in scope, it features links to personal projects like a Discord bot using GPT-4 Vision alongside old-school web nostalgia banners for Firefox, AIM, and WinRAR.
2026-07-07 BruCON 2013 BruCON 0x05 is the 2013 edition of Belgium's annual information security conference, bringing together researchers, professionals, and hackers for two days of talks, workshops, and hands-on training. The site archives the full conference schedule, training sessions on topics like PDF hacking and injection flaws, ticketing info, and sponsor listings from the event held in September 2013.
2026-07-07 CGISecurity.com CGISecurity.com bills itself as the oldest application security site online, predating OWASP, and covers topics ranging from XSS and CSRF to cryptography, web application firewalls, and vulnerability research. Run by Robert Auger, the site offers advisories, research papers, security tool roundups, and a deep archive of industry news and commentary stretching back to 2001.
2026-07-07 cleberg.net Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.
2026-07-07 Dig Deeper Dig Deeper is a privacy and security-focused resource site covering browser selection, spyware testing, email providers, VPNs, darknet setup, and critiques of major software like Mozilla and various search engines. The site goes deep into practical guides and opinion pieces on digital autonomy, making it a substantial destination for anyone serious about escaping surveillance and corporate tech.
2026-07-07 Email Self-Defense - a guide to fighting surveillance with GnuPG encryption Published by the Free Software Foundation, Email Self-Defense is a step-by-step guide teaching readers how to encrypt their email using GnuPG to resist bulk surveillance and protect their privacy. Available in over 15 languages, the guide walks users through setting up encryption on Mac, Windows, and Linux with clear illustrated steps and an accompanying infographic.
2026-07-07 Fight Back Against Spammers SpamPoison is a community tool that has been trapping email-harvesting bots since 2003 by luring them into an infinite loop of dynamically generated fake email addresses on spammer-owned domains. Webmasters can join the fight by adding a simple link to their site, redirecting spam bots to poison traps that render their harvested lists commercially useless.
2026-07-07 Full Disclosure Windows Vista/7: SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.: An archived post from the Full Disclosure security mailing list, documenting a critical SMB2.0 vulnerability in Windows Vista and Windows 7 discovered by Laurent Gaffié in 2009. The post includes a proof-of-concept Python script that triggers a remote Blue Screen of Death by sending a malformed SMB header, making it a valuable historical reference for security researchers.
2026-07-07 Hacking The Interwebs GNUCITIZEN is a security research blog by pdp and collaborators, focused on exposing web vulnerabilities including UPnP exploitation, XSS attacks, and router reconfiguration weaknesses. This 2008 post details a serious design-level flaw allowing UPnP to be abused across the web without XSS, making it a compelling read for anyone interested in network security research.
2026-07-07 Hello - fyr.io Matt is a UK sysadmin who runs this ever-evolving personal site covering infosec, the indieweb movement, and life both on and offline. The site features multiple custom themes, a changelog documenting its evolution, technical guides, and a curated collection of favourite corners of the internet to explore.
2026-07-07 Home - Web Application Security Consortium The Web Application Security Consortium (WASC) is a 501c3 nonprofit bringing together international security experts to produce open-source best-practice standards for web application security. The site hosts technical documentation, security guidelines, threat classifications, a web hacking incidents database, and collaborative research projects used by developers, governments, and security professionals worldwide.
2026-07-07 HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports Created by Freerk, this comprehensive tutorial covers dozens of techniques for bypassing internet censorship, including proxies, shell accounts, JAP, and circumventing blocked ports in schools, workplaces, and countries with restrictive filtering. It documents specific censorware products like NetNanny, WebSense, and DansGuardian, making it a rare and detailed reference for anyone facing restricted internet access.
2026-07-07 It's a shampoo world anyway The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.
2026-07-07 Killing the Evercookie - Part2 MobileSafari - Dominic White Dominic White's technical blog dives into browser privacy and tracking vulnerabilities, with this post investigating how the Evercookie persistent tracking mechanism operates on iOS MobileSafari and embedded WebKit apps. The research reveals significant privacy gaps in Apple's mobile platform and offers practical steps for jailbroken iPhone users to defend against supercookies.
2026-07-07 mfzx Maxwell S. Fritz's personal site covers their work and interests in cybersecurity, software engineering, telecommunications, and amateur radio, with a strong emphasis on privacy as a fundamental human right. Visitors will find links to projects, a directory, updates, and connections to webrings like The Hacker Webring and IndieWeb Webring.
2026-07-07 No Trace Project The No Trace Project is a multilingual security resource for anarchists and activists, providing tools to understand surveillance capabilities, counter infiltration, and practice operational security. It features a threat library, a database of known infiltrators, documented cases of hidden surveillance devices, and zines covering counter-repression strategies across more than a dozen languages.
2026-07-07 Page Hijack Exploit – 302, redirects and Google (clsc.net) Written by Claus Schmidt in 2005, this technical article exposes the '302 page hijack' exploit, a method by which malicious webmasters could use server redirects to displace competitors' pages from search engine results. It covers how the attack works, which search engines were vulnerable, and practical precautions both victims and potential hijackers can take.
2026-07-07 Shellsharks Mike's digital garden at Shellsharks covers infosec research, technology, and personal life across a richly interconnected set of blogs, notebooks, and logs. A self-described 'Internet homesteader,' Mike has built an expansive personal web presence complete with a podcast, linklog, devlog, and Fediverse integration that makes it a compelling destination for security-minded web explorers.
2026-07-07 sqlninja - a SQL Server injection & takeover tool Sqlninja is an open-source penetration testing tool designed to exploit SQL Injection vulnerabilities in web applications backed by Microsoft SQL Server, automating the process of gaining remote access to vulnerable database servers. Created by 'icesurfer', it includes attack modules, a Metasploit wrapper, DNS tunneling for data extraction, and even a hidden Easter Egg that streams music.
2026-07-07 The Art of ARP Spoofing/Flooding/Poisoning | www.SecurityXploded.com SecurityXploded is an information security research organization offering in-depth technical articles on topics like ARP spoofing, flooding, and poisoning alongside over 200 free security and password recovery tools. This particular article dives into network-layer attack techniques including MITM attacks and ARP cache manipulation, making it a valuable reference for security professionals and enthusiasts alike.
2026-07-07 The Hive The Hive is the personal corner of Apis Necros, a cybersecurity enthusiast who writes about cryptography, hacking, philosophy, and general life alongside showcasing original JavaScript prototypes and cipher experiments. Notable projects include a self-designed PentaBit Cipher and a Diffusion-limited Aggregation simulation, making this a genuinely curious blend of technical creativity and indie web spirit.
2026-07-07 The Joy of Cryptography The Joy of Cryptography is a free online undergraduate textbook by Mike Rosulek, published by MIT Press, covering provable security from one-time pads and pseudorandomness through RSA, zero-knowledge proofs, and post-quantum cryptography. The first three chapters are available under a Creative Commons license, with the remaining chapters releasing in July 2026, making it an invaluable open resource for students and educators alike.
2026-07-07 The SQL Injection Knowledge Base A comprehensive reference covering SQL injection techniques across MySQL, MSSQL, Oracle, and other database platforms, with detailed cheat sheets for testing, exploitation, obfuscation, and prevention. The Knowledge Base is organized as a dense technical reference for security researchers and penetration testers, covering everything from basic injection testing to advanced topics like out-of-band channeling and password cracking.
2026-07-07 Tools - www.technicalinfo.net TechnicalInfo.net by Gunter Ollmann offers a comprehensive toolkit for passive information gathering, including domain WHOIS lookups, DNS records, IP address lookups, traceroutes, and bandwidth speed tests. The collection is aimed at security researchers and network administrators, with tools organized around reconnaissance techniques and network analysis.
2026-07-07 whoami Fallon (also known as grimm or asclepius) is a 21-year-old security researcher and malware developer who specializes in CTF competitions, exploit development, and adversarial emulation using C and Go. The site doubles as a hub for their many creative pursuits, including electronic music production under several monikers and self-hosted fediverse and Matrix instances.
2026-07-07 whatisdeepfried.com Jason Yungbluth's webcomic hub hosts hundreds of strips across multiple series, including the sprawling post-apocalyptic 'Weapon Brown' and the darkly satirical 'Deep Fried,' featuring characters like Beepo the clown. With over a thousand pages of original comics spanning political caricature, adult humor, and genre parody, it's a substantial archive of edgy independent cartooning.
2026-07-07 ¡BeReNjEnAs! Brownie (La bufona) runs this lively Spanish-language personal blog featuring daily anecdotes, Flash animations, fan art, and original comics. The site has a playful, irreverent tone and spans years of creative content including humor, storytelling, and illustrated posts.
2026-07-07 [INHUMAN] a sci-fi webcomic Inhuman is a long-running sci-fi webcomic created by Hekshano Industries, featuring original characters, artwork, and an ongoing story updated over many years. The site includes a print shop, fan works, and a personal blog where the creator shares life updates alongside comic progress.
2026-07-07 AVARICE IS MY DARLING'S VICE The official home of 'Avarice Is My Darling's Vice,' a right-to-left webcomic by artist Nozmo about greed, high school, religion, and unraveling sanity. Four chapters are available to read online or download via itch.io, with a cast of vividly described characters and links to the creator's other comics.
2026-07-07 Bloktic's Domain Bloktic's Domain is the creative hub of a hobbyist creator named Bloktic, featuring an ongoing webcomic called Clark-Gibson (approaching its 200th issue) and original games including a puzzle title in development called MECObot. The site blends comic updates, game development progress posts, and a warm community feel with a guestbook and site button for linking.