~ Early Web Links ~

Written by Claus Schmidt in 2005, this technical article exposes the '302 page hijack' exploit, a method by which malicious webmasters could use server redirects to displace competitors' pages from search engine results. It covers how the attack works, which search engines were vulnerable, and practical precautions both victims and potential hijackers can take.

Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.

A comprehensive reference covering SQL injection techniques across MySQL, MSSQL, Oracle, and other database platforms, with detailed cheat sheets for testing, exploitation, obfuscation, and prevention. The Knowledge Base is organized as a dense technical reference for security researchers and penetration testers, covering everything from basic injection testing to advanced topics like out-of-band channeling and password cracking.

An archived post from the Full Disclosure security mailing list, documenting a critical SMB2.0 vulnerability in Windows Vista and Windows 7 discovered by Laurent Gaffié in 2009. The post includes a proof-of-concept Python script that triggers a remote Blue Screen of Death by sending a malformed SMB header, making it a valuable historical reference for security researchers.

TechnicalInfo.net by Gunter Ollmann offers a comprehensive toolkit for passive information gathering, including domain WHOIS lookups, DNS records, IP address lookups, traceroutes, and bandwidth speed tests. The collection is aimed at security researchers and network administrators, with tools organized around reconnaissance techniques and network analysis.

Sqlninja is an open-source penetration testing tool designed to exploit SQL Injection vulnerabilities in web applications backed by Microsoft SQL Server, automating the process of gaining remote access to vulnerable database servers. Created by 'icesurfer', it includes attack modules, a Metasploit wrapper, DNS tunneling for data extraction, and even a hidden Easter Egg that streams music.

Created by Freerk, this comprehensive tutorial covers dozens of techniques for bypassing internet censorship, including proxies, shell accounts, JAP, and circumventing blocked ports in schools, workplaces, and countries with restrictive filtering. It documents specific censorware products like NetNanny, WebSense, and DansGuardian, making it a rare and detailed reference for anyone facing restricted internet access.

Matt is a UK sysadmin who runs this ever-evolving personal site covering infosec, the indieweb movement, and life both on and offline. The site features multiple custom themes, a changelog documenting its evolution, technical guides, and a curated collection of favourite corners of the internet to explore.

SK14R's personal site at CutsFromBrokenGlass is a tech-focused corner of the old web with a strong anti-surveillance bent, prominently featuring contributions to DeFlock, a community project mapping Flock license plate reader cameras. The site also links to a custom tool called sc-scrape, a tech blog, and resources, all wrapped in a minimalist ASCII-art aesthetic.

CGISecurity.com bills itself as the oldest application security site online, predating OWASP, and covers topics ranging from XSS and CSRF to cryptography, web application firewalls, and vulnerability research. Run by Robert Auger, the site offers advisories, research papers, security tool roundups, and a deep archive of industry news and commentary stretching back to 2001.