I publish new articles on Substack roughly once a week. The topics range from electronics and computer algorithms, to tech history, to geek culture; for a sample, check out Gödel's beavers, a primer on core concepts in electronic circuits, or an essay on silly C. If you like the style, please subscribe! In the era of algorithmic feeds and LLMs, it's getting exceedingly hard to stay in touch with readers via social media or search.
That platform aside, some of my other fairly recent publications include:
Sir Box-a-Lot and Bob the Cat: two spiffy, retro handheld games for the entire family (updated in 2025),
A contrarian intro to photography, a geeky how-to for taking good pictures (also translated to German),
Practical Doomsday, a thought-provoking book on threat modeling for everyday calamities,
Weird mushrooms of the PNW, an exercise in backyard photography.
I'm a long-time contributor to the information security community and a recipient of the Lifetime Achievement Pwnie Award. In addition to identifying hundreds of security flaws in a good chunk of the software that powers the internet, some of my public infosec works include:
American Fuzzy Lop, a revolutionary guided fuzzer that greatly advanced the state-of-the-art in vulnerability research (2014-2017),
The Tangled Web, a seminal book shining light onto the security properties and pitfalls of the browser environment (2011),
P0f v3, a groundbreaking passive OS fingerprinter (2000, 2014),
Silence on the Wire, a book dealing with passive signal analysis and reconnaissance in computer security applications (2005).
Beyond this, I authored dozens of other small tools, fuzzers, and so on; examples include Skipfish (2012), a novel high-performance web scanner that served as one of the key components of the Google Cloud Scanner; and Ratproxy (2009), a passive co-pilot proxy for performing web security assessments.
On the research front, I'm fond of my early analysis of non-XSS HTML injection vulnerabilities (2011); some neat CSS algebra data exfil attacks (2014); a comprehensive review of web tracking vectors (2014); the pioneering 2001 / 2002 research on ISN vulnerabilities (part 2); a warning about IP fragmentation risks (2003); the analysis of signal handling flaws (2001); or the work on the dangers of tmpwatch-type utilities (2002). Some additional pre-2018 notes can be found on my now-retired blog.
Practical Doomsday, a guide to everyday risk management in the physical realm (2022),
The Hyperinflation Gallery, a visual exploration of the forgotten history of failed currencies (2020),
Dear Leaders, an equally unserious inquiry into the world of narcissistic despots around the globe (2021),
Comics About Communism, a collection of unusual artifacts from the Cold War (2021),
Photography for geeks, a contrarian introduction to the art of photography (2022),
A brief history of counting machines, a mini-exhibition on my Substack (2023),
Guerrilla Guide to CNC, an in-depth introduction to CAD, CAM, and resin casting (2013),
Concise Electronics for Geeks, a minimalist introduction to circuit-building (2010),
Assorted original writings on Substack and hobby videos on YouTube.
This site is also the home to a variety of more whimsical or one-off projects, including evil plasma globes, Omnibot mkII, a 2.5D photography rig, the Ultimate Machine, a system for high-speed water drop photography, a PNW radiation monitor, a Geiger-Mueller lamp, a voltmeter clock, a dial-a-threat indicator, random notes on robotics, assorted woodworking projects, my old prepping guide (+ a supplement on radios), random photos, evil finder, Peano arithmetic calculator, and more.
Articles, images, and code posted on this site are not licensed for use in ML training or ML content generation. You can email me at lcamtuf@coredump.cx, add me on Mastodon or Twitter, or subscribe on Substack. Your lucky number is 25129939.