Under Construction

Web Security

28 sites


It's a shampoo world anyway
https://shampoo.antville.org/
The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.
Blog 2026-03-13
maia :3
https://maia.crimew.gay/
Maia Arson Crimew is a Swiss hacktivist, investigative journalist, and musician whose personal site serves as a hub for her technical security research, hacking write-ups, and journalistic work including a column for the Swiss magazine Das Lamm. The site links to a blog covering high-profile hacks and hacktivism, music projects, DJ work, and sample packs, making it a fascinating window into one of the more notable figures in modern hacktivist circles.
Personal Page 2026-03-12
CGISecurity.com
https://cgisecurity.com/
CGISecurity.com bills itself as the oldest application security site online, predating OWASP, and covers topics ranging from XSS and CSRF to cryptography, web application firewalls, and vulnerability research. Run by Robert Auger, the site offers advisories, research papers, security tool roundups, and a deep archive of industry news and commentary stretching back to 2001.
Resource 2026-03-13
https://vzqk50.com/
The Hive is the personal corner of Apis Necros, a cybersecurity enthusiast who writes about cryptography, hacking, philosophy, and general life alongside showcasing original JavaScript prototypes and cipher experiments. Notable projects include a self-designed PentaBit Cipher and a Diffusion-limited Aggregation simulation, making this a genuinely curious blend of technical creativity and indie web spirit.
Personal Page 2026-03-12
whoami
https://werewolves.world/
Fallon (also known as grimm or asclepius) is a 21-year-old security researcher and malware developer who specializes in CTF competitions, exploit development, and adversarial emulation using C and Go. The site doubles as a hub for their many creative pursuits, including electronic music production under several monikers and self-hosted fediverse and Matrix instances.
Personal Page 2026-03-13
The Art of ARP Spoofing/Flooding/Poisoning | www.SecurityXploded.com
https://securityxploded.com/art-of-arp-spoofing.php
SecurityXploded is an information security research organization offering in-depth technical articles on topics like ARP spoofing, flooding, and poisoning alongside over 200 free security and password recovery tools. This particular article dives into network-layer attack techniques including MITM attacks and ARP cache manipulation, making it a valuable reference for security professionals and enthusiasts alike.
Resource 2026-03-15
Hacking The Interwebs
https://gnucitizen.org/blog/hacking-the-interwebs
GNUCITIZEN is a security research blog by pdp and collaborators, focused on exposing web vulnerabilities including UPnP exploitation, XSS attacks, and router reconfiguration weaknesses. This 2008 post details a serious design-level flaw allowing UPnP to be abused across the web without XSS, making it a compelling read for anyone interested in network security research.
Blog 2026-03-15
Fight Back Against Spammers
https://spampoison.com/
SpamPoison is a community tool that has been trapping email-harvesting bots since 2003 by luring them into an infinite loop of dynamically generated fake email addresses on spammer-owned domains. Webmasters can join the fight by adding a simple link to their site, redirecting spam bots to poison traps that render their harvested lists commercially useless.
Resource 2026-03-13
Page Hijack Exploit: 302, redirects and Google (clsc.net)
https://clsc.net/articles/google-302-page-hijack.php
Written by Claus Schmidt in 2005, this technical article exposes the '302 page hijack' exploit, a method by which malicious webmasters could use server redirects to displace competitors' pages from search engine results. It covers how the attack works, which search engines were vulnerable, and practical precautions both victims and potential hijackers can take.
Resource 2026-03-13
No Trace Project
https://notrace.how/
The No Trace Project is a multilingual security resource for anarchists and activists, providing tools to understand surveillance capabilities, counter infiltration, and practice operational security. It features a threat library, a database of known infiltrators, documented cases of hidden surveillance devices, and zines covering counter-repression strategies across more than a dozen languages.
Resource 2026-03-12