~ Early Web Links ~

The Joy of Cryptography is a free online undergraduate textbook by Mike Rosulek, published by MIT Press, covering provable security from one-time pads and pseudorandomness through RSA, zero-knowledge proofs, and post-quantum cryptography. The first three chapters are available under a Creative Commons license, with the remaining chapters releasing in July 2026, making it an invaluable open resource for students and educators alike.

BruCON 0x05 is the 2013 edition of Belgium's annual information security conference, bringing together researchers, professionals, and hackers for two days of talks, workshops, and hands-on training. The site archives the full conference schedule, training sessions on topics like PDF hacking and injection flaws, ticketing info, and sponsor listings from the event held in September 2013.

The No Trace Project is a multilingual security resource for anarchists and activists, providing tools to understand surveillance capabilities, counter infiltration, and practice operational security. It features a threat library, a database of known infiltrators, documented cases of hidden surveillance devices, and zines covering counter-repression strategies across more than a dozen languages.

Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.

Mike's digital garden at Shellsharks covers infosec research, technology, and personal life across a richly interconnected set of blogs, notebooks, and logs. A self-described 'Internet homesteader,' Mike has built an expansive personal web presence complete with a podcast, linklog, devlog, and Fediverse integration that makes it a compelling destination for security-minded web explorers.

The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.

SpamPoison is a community tool that has been trapping email-harvesting bots since 2003 by luring them into an infinite loop of dynamically generated fake email addresses on spammer-owned domains. Webmasters can join the fight by adding a simple link to their site, redirecting spam bots to poison traps that render their harvested lists commercially useless.

An archived post from the Full Disclosure security mailing list, documenting a critical SMB2.0 vulnerability in Windows Vista and Windows 7 discovered by Laurent Gaffié in 2009. The post includes a proof-of-concept Python script that triggers a remote Blue Screen of Death by sending a malformed SMB header, making it a valuable historical reference for security researchers.