Web Security

28 sites


cleberg.net
https://cleberg.net/
Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.
Personal Page 2026-03-12
The SQL Injection Knowledge Base
https://websec.ca/kb/sql_injection
A comprehensive reference covering SQL injection techniques across MySQL, MSSQL, Oracle, and other database platforms, with detailed cheat sheets for testing, exploitation, obfuscation, and prevention. The Knowledge Base is organized as a dense technical reference for security researchers and penetration testers, covering everything from basic injection testing to advanced topics like out-of-band channeling and password cracking.
Resource 2026-03-13
Hacking The Interwebs
https://gnucitizen.org/blog/hacking-the-interwebs
GNUCITIZEN is a security research blog by pdp and collaborators, focused on exposing web vulnerabilities including UPnP exploitation, XSS attacks, and router reconfiguration weaknesses. This 2008 post details a serious design-level flaw allowing UPnP to be abused across the web without XSS, making it a compelling read for anyone interested in network security research.
Blog 2026-03-15
Email Self-Defense - a guide to fighting surveillance with GnuPG encryption
https://emailselfdefense.fsf.org/en
Published by the Free Software Foundation, Email Self-Defense is a step-by-step guide teaching readers how to encrypt their email using GnuPG to resist bulk surveillance and protect their privacy. Available in over 15 languages, the guide walks users through setting up encryption on Mac, Windows, and Linux with clear illustrated steps and an accompanying infographic.
Resource 2026-03-17
Tools - www.technicalinfo.net
https://technicalinfo.net/tools/index.html
TechnicalInfo.net by Gunter Ollmann offers a comprehensive toolkit for passive information gathering, including domain WHOIS lookups, DNS records, IP address lookups, traceroutes, and bandwidth speed tests. The collection is aimed at security researchers and network administrators, with tools organized around reconnaissance techniques and network analysis.
Resource 2026-03-13
HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports
http://zensur.freerk.com/
Created by Freerk, this comprehensive tutorial covers dozens of techniques for bypassing internet censorship, including proxies, shell accounts, JAP, and circumventing blocked ports in schools, workplaces, and countries with restrictive filtering. It documents specific censorware products like NetNanny, WebSense, and DansGuardian, making it a rare and detailed reference for anyone facing restricted internet access.
Resource 2026-03-13
It's a shampoo world anyway
https://shampoo.antville.org/
The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.
Blog 2026-03-13
Fight Back Against Spammers
https://spampoison.com/
SpamPoison is a community tool that has been trapping email-harvesting bots since 2003 by luring them into an infinite loop of dynamically generated fake email addresses on spammer-owned domains. Webmasters can join the fight by adding a simple link to their site, redirecting spam bots to poison traps that render their harvested lists commercially useless.
Resource 2026-03-13
https://sqlninja.sourceforge.net/
Sqlninja is an open-source penetration testing tool designed to exploit SQL Injection vulnerabilities in web applications backed by Microsoft SQL Server, automating the process of gaining remote access to vulnerable database servers. Created by 'icesurfer', it includes attack modules, a Metasploit wrapper, DNS tunneling for data extraction, and even a hidden Easter Egg that streams music.
Resource 2026-03-13
maia :3
https://maia.crimew.gay/
Maia Arson Crimew is a Swiss hacktivist, investigative journalist, and musician whose personal site serves as a hub for her technical security research, hacking write-ups, and journalistic work including a column for the Swiss magazine Das Lamm. The site links to a blog covering high-profile hacks and hacktivism, music projects, DJ work, and sample packs, making it a fascinating window into one of the more notable figures in modern hacktivist circles.
Personal Page 2026-03-12