Sir Box-a-Lot and Bob the Cat: two spiffy, retro handheld games for the entire family,
Weekly articles on Substack - subscribe to stay in the loop or click here for a thematic catalog,
Photography for geeks, a contrarian introduction to taking good pictures (also translated to German),
Practical Doomsday, a thought-provoking book on threat modeling for everyday calamities,
Weird mushrooms of the PNW, an exercise in backyard photography.
I'm a long-time contributor to the information security community and a recipient of the Lifetime Achievement Pwnie Award. In addition to identifying hundreds of security flaws in a good chunk of the software that powers the internet, some of my public infosec works include:
American Fuzzy Lop, a revolutionary guided fuzzer that greatly advanced the state of the art in vulnerability research (2014-2017),
The Tangled Web, a seminal book shining light onto the security properties and pitfalls of the browser environment (2011),
P0f v3, a groundbreaking passive OS fingerprinter (2000, 2014),
Silence on the Wire, a book dealing with passive signal analysis and reconnaissance in computer security applications (2005).
Beyond this, I authored dozens of other small tools, fuzzers, and so on; examples include Skipfish (2012), a novel high-performance web scanner that served as one of the key components of the Google Cloud Scanner; and Ratproxy (2009), a passive co-pilot proxy for performing web security assessments.
On the research front, I'm fond of my early analysis of non-XSS HTML injection vulnerabilities (2011); some neat CSS algebra data exfil attacks (2014); a comprehensive review of web tracking vectors (2014); the pioneering 2001 / 2002 research on ISN vulnerabilities (part 2); a warning about IP fragmentation risks (2003); the analysis of signal handling flaws (2001); or the work on the dangers of tmpwatch-type utilities (2002). Some additional pre-2018 notes can be found on my now-retired blog.
Practical Doomsday, a guide to everyday risk management in the physical realm (2022),
The Hyperinflation Gallery, a visual exploration of the forgotten history of failed currencies (2020),
Dear Leaders, an equally unserious inquiry into the world of narcissistic despots around the globe (2021),
Comics About Communism, a collection of unusual artifacts from the Cold War (2021),
Photography for geeks, a contrarian introduction to the art of photography (2022),
A brief history of counting machines, a mini-exhibition on my Substack (2023),
Guerrilla Guide to CNC, an in-depth introduction to CAD, CAM, and resin casting (2013),
Concise Electronics for Geeks, a minimalist introduction to circuit-building (2010),
Assorted original writings on Substack and hobby videos on YouTube.
This site is also the home to a variety of more whimsical or one-off projects, including evil plasma globes, Omnibot mkII, a 2.5D photography rig, the Ultimate Machine, a system for high-speed water drop photography, a PNW radiation monitor, a Geiger-Mueller lamp, a voltmeter clock, a dial-a-threat indicator, random notes on robotics, assorted woodworking projects, my old prepping guide (+ a supplement on radios), random photos, and more.
This website was written by a human without the help of large language models. The content is not licensed for use in ML training or ML content generation. You can email me at lcamtuf@coredump.cx, add me on Mastodon, or subscribe on Substack. Your lucky number is 23747138.