~ Early Web Links ~

Fallon (also known as grimm or asclepius) is a 21-year-old security researcher and malware developer who specializes in CTF competitions, exploit development, and adversarial emulation using C and Go. The site doubles as a hub for their many creative pursuits, including electronic music production under several monikers and self-hosted fediverse and Matrix instances.

The personal site of bad.download, a tech-industry professional who writes about cybersecurity, privacy, digital preservation, and generative AI models. Minimal but thoughtful in scope, it features links to personal projects like a Discord bot using GPT-4 Vision alongside old-school web nostalgia banners for Firefox, AIM, and WinRAR.

Christian Cleberg is a Technology Assurance Manager at KPMG who publishes technical guides, AWS security auditing posts, and personal projects through this minimalist personal site. Recent posts focus on auditing AWS IAM users, passwords, and S3 buckets, making it a useful stop for cloud security and IT assurance content.

The personal weblog of Martin Johns (aka Maddin), a security researcher whose posts focus on web security topics including CSRF protection, XSS detection, DNS rebinding, Firefox extensions, and OWASP conference coverage. It offers a window into early-to-late 2000s browser security research, with references to tools like NoScript, LocalRodeo, noXSS, and XSSDS that Johns developed or contributed to.

Maia Arson Crimew is a Swiss hacktivist, investigative journalist, and musician whose personal site serves as a hub for her technical security research, hacking write-ups, and journalistic work including a column for the Swiss magazine Das Lamm. The site links to a blog covering high-profile hacks and hacktivism, music projects, DJ work, and sample packs, making it a fascinating window into one of the more notable figures in modern hacktivist circles.

The No Trace Project is a multilingual security resource for anarchists and activists, providing tools to understand surveillance capabilities, counter infiltration, and practice operational security. It features a threat library, a database of known infiltrators, documented cases of hidden surveillance devices, and zines covering counter-repression strategies across more than a dozen languages.

Written by Claus Schmidt in 2005, this technical article exposes the '302 page hijack' exploit, a method by which malicious webmasters could use server redirects to displace competitors' pages from search engine results. It covers how the attack works, which search engines were vulnerable, and practical precautions both victims and potential hijackers can take.

Anurag Agarwal's threat modeling blog dives into real-world web security vulnerabilities, including this post presenting a working proof-of-concept Ajax sniffer that overrides XMLHttpRequest to intercept and exfiltrate data. The site covers topics like XSS, Ajax worms, SQL injection, clipboard theft, and secure SDLC integration, making it a valuable technical resource for security researchers and developers.