lcamtuf.coredump.cx
2606:4700:3036::ac43:b4de
Public Scan
Submitted URL: http://lcamtuf.coredump.cx/
Effective URL: https://lcamtuf.coredump.cx/
Submission: On May 09 via manual from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
LCAMTUF.COREDUMP.CX

My latest book, Practical Doomsday, is now out. Please check it out - I think it's my best work so far.

Welcome to my homepage. My name is Michal Zalewski. I'm a long-time contributor to the information security community and a proud recipient of the Lifetime Achievement Pwnie Award. In addition to identifying hundreds of security flaws in a good chunk of the software that powers the internet, some of my more notable infosec works include:

* The Tangled Web, a seminal 2011 book shining the light onto the security properties and pitfalls of the browser environment,
* American Fuzzy Lop, a revolutionary guided fuzzer released in 2014 that greatly advanced the state-of-the-art in vulnerability research,
* P0f v3, a groundbreaking passive OS fingerprinter, first developed in 2000 and then redesigned in 2014,
* Silence on the Wire, an earlier 2005 book dealing with passive signal analysis and reconnaissance in computer security applications.

Beyond this, I authored dozens of other small tools, fuzzers, and so on; some of the less ancient and more consequential ones include Skipfish, a novel high-performance web scanner that later served as one of the key components of the Google Cloud Scanner; and Ratproxy, a passive co-pilot proxy for performing web security assessments. A variety of other engineering artifacts can be found here.

On the research front, there's too much to catalog, but I should probably mention the early analysis of non-XSS HTML injection vulnerabilities; some neat CSS algebra data exfil attacks; a comprehensive review of web tracking vectors; my pioneering 2001 / 2002 research on ISN vulnerabilities (+ a sequel); a warning about IP fragmentation risks; the analysis of signal handling flaws; or the work on the dangers of tmpwatch-type utilities. Some additional post-2010 notes can be found on my old blog.

I have a good number of hobbies outside of information security. Some of the more interesting artifacts include:

* NEW! Practical Doomsday, my 2022 book dealing with rational risk management and threat modeling in real life,
* NEW! My nascent series of video tutorials, dubbed Concise Woodworking: episode 1, episode 2,
* The Hyperinflation Gallery, a visual exploration of the forgotten history of failed currencies, published in 2020,
* Dear Leaders, an equally unserious 2021 inquiry into the world of narcissistic despots around the globe,
* Updated Comics About Communism, a 2021 collection of a class of long-forgotten artifacts of the Cold War,
* Guerrilla Guide to CNC, a lengthy and in-depth introduction to CAD, CAM, and resin casting, released in 2013,
* Concise Electronics for Geeks, a minimalist introduction to circuit-building, dating back to 2010.

This site is also the home to a variety of more whimsical or one-off projects, including Omnibot mkII (+ new video), a 2.5D photography rig, the ultimate machine (+ new video), a system for high-speed water drop photography (+ new video), a Geiger-Mueller lamp (+ real-time data), voltmeter clock, a dial-a-threat indicator, random notes on robotics, assorted woodworking projects, my old prepping guide (+ a supplement on radios), random photos, and more.

You can email me at lcamtuf@coredump.cx or add me on Twitter. Your lucky number is 21241697.