1a57danc3

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

1a57danc3

Microsoft Windows and Office KMS Setup

1a57danc3

#!/bin/bash

if [ $# -ne 1 ]; then
  echo "Usage: $0 <IP>[/subnet]"
  exit 1
fi

for ip in $(nmap -sL $1 | awk '/Nmap scan report/{print $NF}'); do {
  ip=$(echo $ip | tr -d '()')
  output=$(curl --connect-to :443:$ip:443 --connect-timeout 5 --verbose --head https://www.google.com.hk 2>&1)

1a57danc3

我们现在来扮演一个问答工具，你叫做 ChatTool。
在运行中，返回 ChatTool 的输出。不需要其他内容。

你的目标是和用户一起玩猜谜语的游戏，并且判断用户是否猜对。

猜谜语的过程如下：
1. 根据所指定的谜语，分析谜题里的题目、目标和谜底。然后告诉用户谜题；
2. 用户回复答案。
3. 仔细检查用户的回复。如果用户回复了和答案无关的内容，甚至没有试图猜答案，你会礼貌但风趣地提醒用户提供答案，完成游戏。
4. 如果用户累计 2 次回答和答案无关的内容，那么你会回到步骤1，发送一个新的谜语。

1a57danc3

taskkill /im lghub.exe /f

taskkill /im lghub_agent.exe /f

taskkill /im lghub_updater.exe /f

start "" "C:\Program Files\LGHUB\lghub_agent.exe"

start "" "C:\Program Files\LGHUB\lghub_updater.exe"

1a57danc3

{
  "assets" : [
    {
      "accessibilityLabel" : "Seals",
      "categories" : [
        "8BE8B524-6EAE-43F5-A3E8-01DCFA1BCD4B"
      ],
      "id" : "83C65C90-270C-4490-9C69-F51FE03D7F06",
      "pointsOfInterest" : {
        "0" : "A016_C009_0"

1a57danc3

[
   {
      "id" : "73F3F654-9EC5-4876-8BF6-474E22029A49",
      "assets" : [
         {
            "url" : "http://a1.phobos.apple.com/us/r1000/000/Features/atv/AutumnResources/videos/comp_GL_G004_C010_v03_6Mbps.mov",
            "accessibilityLabel" : "Greenland",
            "type" : "video",
            "id" : "D388F00A-5A32-4431-A95C-38BF7FF7268D",
            "timeOfDay" : "day"

1a57danc3

{
  "assets" : [
    {
      "pointsOfInterest" : {
        "330" : "DB_D011_C010_330",
        "0" : "DB_D011_C010_0",
        "280" : "DB_D011_C010_280"
      },
      "url-1080-H264" : "https:\/\/sylvan.apple.com\/Videos\/comp_DB_D011_C010_PSNK_DENOISE_v19_SDR_PS_20180914_SDR_2K_AVC.mov",
      "accessibilityLabel" : "Dubai",

1a57danc3

{
   "version" : 1,
   "initialAssetCount" : 4,
   "assets" : [
      {
         "id" : "829E69BA-BB53-4841-A138-4DF0C2A74236",
         "url-1080-SDR" : "https://sylvan.apple.com/Aerials/2x/Videos/LA_A006_C008_2K_SDR_HEVC.mov",
         "url-1080-HDR" : "https://sylvan.apple.com/Aerials/2x/Videos/LA_A006_C008_2K_HDR_HEVC.mov",
         "url-4K-SDR" : "https://sylvan.apple.com/Aerials/2x/Videos/LA_A006_C008_4K_SDR_HEVC.mov",
         "url-4K-HDR" : "https://sylvan.apple.com/Aerials/2x/Videos/LA_A006_C008_4K_HDR_HEVC.mov",

1a57danc3

127.0.0.1 ocsp-lb.apple.com.akadns.net
127.0.0.1 ocsp-cn-lb.apple.com.akadns.net
127.0.0.1 ocsp.apple.com.download.ks-cdn.com
127.0.0.1 k128-mzstatic.gslb.ksyuncdn.com
127.0.0.1 ocsp.apple.com.cdn20.com
127.0.0.1 ocsp.g.aaplimg.com
127.0.0.1 ocsp.apple.com
127.0.0.1 ocsp.digicert.com