lcamtuf.coredump.cx
2606:4700:3036::6815:53c0  Public Scan

Submitted URL: http://lcamtuf.coredump.cx/
Effective URL: https://lcamtuf.coredump.cx/
Submission: On June 11 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

LCAMTUF.COREDUMP.CX


HOT OFF THE PRESSES

 * Weekly articles on Substack - electronics, CS, and more. Subscribe or browse
   a thematic catalog,

 * Sir Box-a-Lot and Bob the Cat: two spiffy, retro handheld games for the
   entire family,

 * Photography for geeks, a contrarian introduction to taking good pictures
   (also translated to German),

 * Practical Doomsday, a thought-provoking book on threat modeling for everyday
   calamities,

 * Weird mushrooms of the PNW, an exercise in backyard photography.


INFOSEC PUBLICATIONS (PRE-2018)

I'm a long-time contributor to the information security community and a
recipient of the Lifetime Achievement Pwnie Award. In addition to identifying
hundreds of security flaws in a good chunk of the software that powers the
internet, some of my public infosec works include:

 * American Fuzzy Lop, a revolutionary guided fuzzer that greatly advanced the
   state-of-the-art in vulnerability research (2014-2017),

 * The Tangled Web, a seminal book shining light onto the security properties
   and pitfalls of the browser environment (2011),

 * P0f v3, a groundbreaking passive OS fingerprinter (2000, 2014),

 * Silence on the Wire, a book dealing with passive signal analysis and
   reconnaissance in computer security applications (2005).

Beyond this, I authored dozens of other small tools, fuzzers, and so on;
examples include Skipfish (2012), a novel high-performance web scanner that
served as one of the key components of the Google Cloud Scanner; and Ratproxy
(2009), a passive co-pilot proxy for performing web security assessments.

On the research front, I'm fond of my early analysis of non-XSS HTML injection
vulnerabilities (2011); some neat CSS algebra data exfil attacks (2014); a
comprehensive review of web tracking vectors (2014); the pioneering 2001 / 2002
research on ISN vulnerabilities (part 2); a warning about IP fragmentation risks
(2003); the analysis of signal handling flaws (2001); or the work on the dangers
of tmpwatch-type utilities (2002). Some additional pre-2018 notes can be found
on my now-retired blog.


OTHER INTERESTS

 * Practical Doomsday, a guide to everyday risk management in the physical realm
   (2022),

 * The Hyperinflation Gallery, a visual exploration of the forgotten history of
   failed currencies (2020),

 * Dear Leaders, an equally unserious inquiry into the world of narcissistic
   despots around the globe (2021),

 * Comics About Communism, a collection of unusual artifacts from the Cold War
   (2021),

 * Photography for geeks, a contrarian introduction to the art of photography
   (2022),

 * A brief history of counting machines, a mini-exhibition on my Substack
   (2023),

 * Guerrilla Guide to CNC, an in-depth introduction to CAD, CAM, and resin
   casting (2013),

 * Concise Electronics for Geeks, a minimalist introduction to circuit-building
   (2010),

 * Assorted original writings on Substack and hobby videos on YouTube.

This site is also the home to a variety of more whimsical or one-off projects,
including evil plasma globes, Omnibot mkII, a 2.5D photography rig, the Ultimate
Machine, a system for high-speed water drop photography, a PNW radiation
monitor, a Geiger-Mueller lamp, a voltmeter clock, a dial-a-threat indicator,
random notes on robotics, assorted woodworking projects, my old prepping guide
(+ a supplement on radios), random photos, and more.

This website was written by a human without the help of large language models.
The content is not licensed for use in ML training or ML content generation. You
can email me at lcamtuf@coredump.cx, add me on Mastodon or Twitter, or subscribe
on Substack. Your lucky number is 23957825.