Skip to content

Instantly share code, notes, and snippets.

View 490398290's full-sized avatar

490398290

7 followers · 292 following
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active February 28, 2025 08:44
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@b0gdanw
b0gdanw / Get-Sequoia-InstallAssistant-pkg-links-from-Apple.sh
Created December 11, 2024 20:17
Get Sequoia InstallAssistant.pkg links from Apple
@b0gdanw
b0gdanw / Disable-Sequoia-Bloatware.sh
Last active February 28, 2025 10:08
Disable Sequoia Bloatware
#!/bin/zsh
# WARNING! The script is meant to show how and what can be disabled. Don’t use it as it is, adapt it to your needs.
# Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
# Disabling unwanted services on macOS Big Sur (11), macOS Monterey (12), macOS Ventura (13), macOS Sonoma (14) and macOS Sequoia (15)
# Disabling SIP is required ("csrutil disable" from Terminal in Recovery)
# Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist, disabled.501.plist
# To revert, delete /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist and reboot; sudo rm -r /private/var/db/com.apple.xpc.launchd/*
# user
@hackermondev
hackermondev / zendesk.md
Last active February 20, 2025 07:58
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@avoidik
avoidik / README.md
Last active February 20, 2025 23:58
Run Windows 11 IoT ARM on Mac M1 or similar

How to run Windows on Mac

We're going to run Windows 11 IoT (ARM) on Mac M1 (ARM) using the native binary translation, thanks to up-to-date version of qemu which has native hardware support.

Prerequisites

Install qemu and required tools (coreutils - we need truncate/gtruncate, dd/gdd CLI tools, samba - to share files between host and guest VM).

$ brew install qemu coreutils samba
@p-mng
p-mng / README.md
Created March 22, 2024 13:52
Uninstall Rosetta 2 on macOS

Uninstall Rosetta 2 on macOS

1. Disable SIP (System Integrity Protection)

  1. Boot into recovery
  2. Open a terminal (Utilities > Terminal)
  3. Disable SIP using csrutil disable
  4. Reboot into macOS

2. Uninstall Rosetta

@localzet
localzet / mime.sh
Created January 16, 2024 17:15
mime.type generator
#!/bin/bash
MIME_TYPES=$(wget -qO- http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types | sed '/^#/d')
echo "types {" > ./mime.types;
echo "$MIME_TYPES" | while read -r line
do
TYPE=$(echo $line | awk '{print $1}')
EXTENSIONS=$(echo $line | cut -d' ' -f2-)
for EXT in $EXTENSIONS
@localzet
localzet / set_real_ip.sh
Last active October 22, 2024 20:55
Автоматически добавляет set_real_ip_from в Nginx для определения реального IP клиента, используя Cloudflare, Google Cloud и AWS
#!/bin/bash
# Получить последние IP-адреса Cloudflare
IPS_IPV4_CLOUDFLARE=$(curl https://www.cloudflare.com/ips-v4)
IPS_IPV6_CLOUDFLARE=$(curl https://www.cloudflare.com/ips-v6)
# Получить последние IP-адреса Google Cloud
IPS_IPV4_GOOGLECLOUD=$(curl https://www.gstatic.com/ipranges/cloud.json | jq -r '.prefixes[] | select(.ipv4Prefix) | .ipv4Prefix')
IPS_IPV6_GOOGLECLOUD=$(curl https://www.gstatic.com/ipranges/cloud.json | jq -r '.prefixes[] | select(.ipv6Prefix) | .ipv6Prefix')
@b0gdanw
b0gdanw / Disable-Sonoma-Bloatware.sh
Last active February 19, 2025 06:57
#!/bin/zsh
# WARNING! The script is meant to show how and what can be disabled. Don’t use it as it is, adapt it to your needs.
# Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
# Disabling unwanted services on macOS Big Sur (11), macOS Monterey (12), macOS Ventura (13) and macOS Sonoma (14)
# Disabling SIP is required ("csrutil disable" from Terminal in Recovery)
# Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist, disabled.501.plist
# To revert, delete /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist and reboot; sudo rm -r /private/var/db/com.apple.xpc.launchd/*
# user
@steven-michaud
steven-michaud / ThirdPartyKexts.md
Last active January 17, 2025 12:21
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to