The book aside, I publish new articles on Substack roughly once a week. The topics range from electronics and obscure math to the history of tech, geek culture, and more. If you like what you see, please subscribe. In the era of algorithmic feeds and content farms, it's increasingly difficult to stay in touch with willing readers.
Outside of Substack, some of my other semi-recent publications include:
Sir Box-a-Lot and Bob the Cat: two spiffy, retro handheld games for the entire family (updated in 2025),
A contrarian intro to photography, a geeky how-to for taking good pictures (also translated to German),
Practical Doomsday, a thought-provoking book on threat modeling for everyday calamities,
Weird mushrooms of the PNW, an exercise in backyard photography.
Revolutionary new technology: chat with a human! You can email me at lcamtuf@coredump.cx, or get in touch on Mastodon or Twitter.
I'm a long-time contributor to the information security community and a recipient of the Lifetime Achievement Pwnie Award. In addition to identifying hundreds of security flaws in a good chunk of the software that powers the internet, some of my public infosec works include:
American Fuzzy Lop, a revolutionary guided fuzzer that greatly advanced the state of the art in vulnerability research (2014-2017),
The Tangled Web, a seminal book shining light onto the security properties and pitfalls of the browser environment (2011),
P0f v3, a groundbreaking passive OS fingerprinter (2000, 2014),
Silence on the Wire, a book dealing with passive signal analysis and reconnaissance in computer security applications (2005).
Beyond this, I authored dozens of other small tools, fuzzers, and so on; examples include Skipfish (2012), a novel high-performance web scanner that served as one of the key components of the Google Cloud Scanner; and Ratproxy (2009), a passive co-pilot proxy for performing web security assessments.
On the research front, I'm fond of my early analysis of non-XSS HTML injection vulnerabilities (2011); some neat CSS algebra data exfil attacks (2014); a comprehensive review of web tracking vectors (2014); the pioneering 2001 / 2002 research on ISN vulnerabilities (part 2); a warning about IP fragmentation risks (2003); the analysis of signal handling flaws (2001); or the work on the dangers of tmpwatch-type utilities (2002). Some additional pre-2018 notes can be found on my now-retired blog.
Practical Doomsday, a guide to everyday risk management in the physical realm (2022),
The Hyperinflation Gallery, a visual exploration of the forgotten history of failed currencies (2020),
Dear Leaders, an equally unserious inquiry into the world of narcissistic despots around the globe (2021),
Comics About Communism, a collection of unusual artifacts from the Cold War (2021),
Photography for geeks, a contrarian introduction to the art of photography (2022),
A brief history of counting machines, a mini-exhibition on my Substack (2023),
Guerrilla Guide to CNC, an in-depth introduction to CAD, CAM, and resin casting (2013),
Assorted original writings on Substack and hobby videos on YouTube.
This site is also the home to a variety of more whimsical or one-off projects, including evil plasma globes, memfetch, world's best exploit, Omnibot mkII, a 2.5D photography rig, the Ultimate Machine, a system for high-speed water drop photography, a PNW radiation monitor, a Geiger-Mueller lamp, a dial-a-threat indicator, random notes on robotics, assorted woodworking projects, my old prepping guide (+ a supplement on radios), an old introduction to electronics, random photos, evil finder, Peano arithmetic calculator, and more.
New: personal websites you should visit: click here.
Written without AI. The content on this site is not licensed for use in ML training or ML content generation. Your lucky number is 25923726.