Web Security

28 sites


whoami
https://werewolves.world/
Fallon (also known as grimm or asclepius) is a 21-year-old security researcher and malware developer who specializes in CTF competitions, exploit development, and adversarial emulation using C and Go. The site doubles as a hub for their many creative pursuits, including electronic music production under several monikers and self-hosted fediverse and Matrix instances.
Personal Page 2026-03-13
It's a shampoo world anyway
https://shampoo.antville.org/
The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.
Blog 2026-03-13
Killing the Evercookie - Part2 MobileSafari - Dominic White
https://singe.za.net/blog/archives/1016-Killing-the-Evercookie-Part2-MobileSafari.html
Dominic White's technical blog dives into browser privacy and tracking vulnerabilities, with this post investigating how the Evercookie persistent tracking mechanism operates on iOS MobileSafari and embedded WebKit apps. The research reveals significant privacy gaps in Apple's mobile platform and offers practical steps for jailbroken iPhone users to defend against supercookies.
Blog 2026-03-13
HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports
http://zensur.freerk.com/
Created by Freerk, this comprehensive tutorial covers dozens of techniques for bypassing internet censorship, including proxies, shell accounts, JAP, and circumventing blocked ports in schools, workplaces, and countries with restrictive filtering. It documents specific censorware products like NetNanny, WebSense, and DansGuardian, making it a rare and detailed reference for anyone facing restricted internet access.
Resource 2026-03-13
Email Self-Defense - a guide to fighting surveillance with GnuPG encryption
https://emailselfdefense.fsf.org/en
Published by the Free Software Foundation, Email Self-Defense is a step-by-step guide teaching readers how to encrypt their email using GnuPG to resist bulk surveillance and protect their privacy. Available in over 15 languages, the guide walks users through setting up encryption on Mac, Windows, and Linux with clear illustrated steps and an accompanying infographic.
Resource 2026-03-17
Home - Web Application Security Consortium
http://webappsec.org/projects/articles/071105.html
The Web Application Security Consortium (WASC) is a 501(c)(3) nonprofit bringing together international security experts to produce open-source best-practice standards for web application security. The site hosts technical documentation, security guidelines, threat classifications, a web hacking incidents database, and collaborative research projects used by developers, governments, and security professionals worldwide.
Organization 2026-03-13
Anurag Agarwals' Threat Modeling Blog: Ajax Sniffer - Prrof of concept
http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html
Anurag Agarwal's threat modeling blog dives into real-world web security vulnerabilities, including this post presenting a working proof-of-concept Ajax sniffer that overrides XMLHttpRequest to intercept and exfiltrate data. The site covers topics like XSS, Ajax worms, SQL injection, clipboard theft, and secure SDLC integration, making it a valuable technical resource for security researchers and developers.
Blog 2026-03-13
https://vzqk50.com/
The Hive is the personal corner of Apis Necros, a cybersecurity enthusiast who writes about cryptography, hacking, philosophy, and general life alongside showcasing original JavaScript prototypes and cipher experiments. Notable projects include a self-designed PentaBit Cipher and a Diffusion-limited Aggregation simulation, making this a genuinely curious blend of technical creativity and indie web spirit.
Personal Page 2026-03-12
The Art of ARP Spoofing/Flooding/Poisoning | www.SecurityXploded.com
https://securityxploded.com/art-of-arp-spoofing.php
SecurityXploded is an information security research organization offering in-depth technical articles on topics like ARP spoofing, flooding, and poisoning alongside over 200 free security and password recovery tools. This particular article dives into network-layer attack techniques including MITM attacks and ARP cache manipulation, making it a valuable reference for security professionals and enthusiasts alike.
Resource 2026-03-15
Fight Back Against Spammers
https://spampoison.com/
SpamPoison is a community tool that has been trapping email-harvesting bots since 2003 by luring them into an infinite loop of dynamically generated fake email addresses on spammer-owned domains. Webmasters can join the fight by adding a simple link to their site, redirecting spam bots to poison traps that render their harvested lists commercially useless.
Resource 2026-03-13