This was my first write-up for the year. It should have been the first posted this year, but I just slacked off and let it gather dust. I spent so much time adding all the links, you can see how unproductive that was.

It is Wed, 25th March, 1:50 AM as I type this, but the complete write-up was made in Obsidian, without the links of course, on 1st Jan, 2026.

📚 Computer Stuff

  1. BlackHat GraphQL – Dolev Farhi & Nick Aleks (Read 2x) — Black Hat
  2. Grokking Web Application Security – Malcolm McDonald — Manning
  3. Web Application Security: Exploitation and Countermeasures for Modern Web Applications – Andrew Hoffman — O'Reilly
  4. Bug Bounty Bootcamp – Vickie Li (Read 2x) — No Starch Press
  5. Real-World Bug Hunting – Peter Yaworski (Read 2x) — No Starch Press
  6. Hacking APIs – Corey J. Ball (Read 2x) — No Starch Press
  7. Attacking and Exploiting Modern Web Applications – Simone & Donato Onofri — Packt
  8. Production Ready GraphQL – Marc-Andre Giroux — Pragmatic Bookshelf

🧠 Self Development

  1. The Almanack of Naval Ravikant – Eric Jorgenson (Read 2x) — Official Site
  2. Deep Work – Cal Newport — Goodreads
  3. Essentialism – Greg McKeown — Official Site
  4. Grit – Angela Duckworth (Completed in first week of January 2026) — Official Site

📖 Read but Not Completed

Computer Stuff

  1. The Tangled Web – Michal Zalewski (Parts 1-2 out of 3) — No Starch Press
  2. Burp Suite Cookbook – Dr. Sunny Wear (First 2 Chapters) — Packt
  3. Attacking Network Protocols – James Forshaw (First 5 Chapters) — No Starch Press
  4. Hands-On Hacking – Matthew Hickey & Jennifer Arcuri (First 5 Chapters) — Wiley
  5. From Day Zero to Zero Day – Eugene Lim (First 2 Parts, Currently reading) — No Starch Press
  6. TCP/IP Illustrated Vol. 1 – Stevens & Fall (First 3 Chapters) — Pearson / InformIT
  7. OAuth 2 in Action (Part 1-3 out of 4) — Manning
  8. The Go Programming Language — Official Site
  9. Learning Go – Jon Bodner - (First 5 Chapters) — O'Reilly
  10. Modern JavaScript for the Impatient (First 3 Chapters) — O'Reilly
  11. Computer Networking: A Top-Down Approach (Currently Reading, 2 Application Layer) — Pearson

Self Development

  1. The Courage to Be Disliked - Hard Copy (First 4 Nights/Chapters) — Goodreads
  2. Mastery – Robert Greene - Hard Copy (First IV parts/chapters) — Author Site
  3. Think and Grow Rich – Napoleon Hill - 3rd Re-Read - First read was in 2020 lockdown - (First 6 Chapters) — Goodreads
  4. The 4 Disciplines of Execution (First 3 Chapters) — Chris McChesney, Sean Covey, Jim Huling, Beverly Walker, Scott Thele - FranklinCovey

🧪 Explored (Selective Reading)

  1. The Rust Programming Language (A few Chapters here and there so I don't get too Rusty) — Official Book
  2. Programming Rust (A few Chapters here and there so I don't get too Rusty) — O'Reilly
  3. Rust Atomics and Locks (First 3 Chapters) — Author Site
  4. Mastering Ethereum (First 8 Chapters) — GitHub
  5. Practical Binary Analysis — No Starch Press
  6. Secure by Design (First 3 Chapters) — Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano - Manning
  7. Black Hat Go — (First 2 Chapters) - No Starch Press
  8. X41 Browser Security Whitepaper — X41
  9. mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations – Cure53
  10. Cure53 Browser Security White Paper 2017
  11. Thinking Fast and Slow (Hard Copy) - Daniel Kahneman (Introduction and Chapter One)
  12. The Innovator's Dilemma (Hard Copy) - Clayton M Christensen (Introduction)
  13. Influence: The Psychology of Persuasion (Hard Copy) - Robert B. Cialdini (First 2 Chapters)
  14. The Linux Programming Interface (First 3 Chapters) – Michael Kerrisk — No Starch Press | Official Site
  15. How Computers Really Work (First 3 Chapters) – Matthew Justice — No Starch Press | Official Site
  16. Dive into Systems (First 3 Chapters) – Suzanne J. Matthews, Tia Newhall, Kevin C. Webb — Read Free Online | No Starch Press
  17. Kafka: The Definitive Guide (Intro) – Neha Narkhede, Gwen Shapira, Todd Palino — O'Reilly | Confluent (free)
  18. Abstracting Away the Machine: The History of the FORTRAN Programming Language – Mark Jones Lorenzo — Amazon | Goodreads
  19. Let's Go – Alex Edwards — Official Site
  20. Let's Go Further – Alex Edwards — Official Site

📄 Papers

  1. Web Cache Poisoning in the Wild — PortSwigger
  2. Web Cache Entanglement – James Kettle — PortSwigger Research
  3. A New Era of SSRF: Exploiting URL Parser in Trending Programming Languages! - Orange Tsai - PDF Paper
  4. Host of Troubles Vulnerabilities
  5. JavaScript Prototype Pollution — Snyk
  6. Server-Side Template Injection - James Kettle – PortSwigger Research
  7. Internet’s Invisible Enemy: Detecting and Measuring Web Cache - PDF Paper
  8. Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack - PDF Paper
  9. Web Cache Deception Escalates - PDF Paper
  10. Hidden Web Caches Discovery - PDF Paper
  11. Cached and Confused: Web Cache Deception in the Wild - PDF Paper
  12. Gotta Cache 'em All - Martin Doyhenard - PortSwigger Research
  13. Exploiting URL Parsers: The Good, Bad, and Inconsistent - PDF Paper
  14. Zseano's Methodology - Zseano Blog
  15. JavaScript Prototype Pollution Attack in NodeJS - YouTube Video

A lot of Papers around mobile device tracking


📝 Blogs

Lol, I can't remember. I didn't think I should keep a record. Some were great, some blew my mind, some I knew were just a waste of time but I kinda still read in the spirit of covering grounds.

  1. Douglas Day
  2. Sam Curry
  3. High Agency

A long-term project: reviewing historic Top-10 Web Hacking Techniques (2006–present), identifying dead techniques, broken links, and evolving prerequisites. HTTP Request Smuggling scheduled for a 2026 deep dive.

A highlight is that I decided to read all the Top 10 Web Hacking Techniques. From 2006. Summary is that the older links were broken, most of the older techniques basically are dead, for example the Flash Techniques. I didn't actually read all because with some I felt I didn't have the prerequisite knowledge to understand. PHP/Java deserialization bugs, I am looking at you. Some were also just too long. Cure53 browser security paper, I am looking at you. I scheduled some classes of bugs to deep dive into in 2026. HTTP Request Smuggling, I am looking at you.

In all, I intend to write a blog post about why I did that and what I learned. Stay tuned.