Iván || HacKan HacKanCuBa

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Learn Go in ~5mins

This is inspired by A half-hour to learn Rust and Zig in 30 minutes.

Basics

Your first Go program as a classical "Hello World" is pretty simple:

First we create a workspace for our project:

Secure Containerized Pastebin

Easily deploy a secure containerized pastebin on a VPS.

Description

This project runs and configures two containers:

PrivateBin: A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser.
SWAG: An Nginx webserver and reverse proxy with PHP support and a built-in Certbot client that automates free SSL server certificate generation and renewal processes.

Full Livestream Recording here

(see YouTube channel for individual videos)

Github | Site | Discord | YouTube |

ASN Discovery

Checklist

Get ASN of target
Get IP ranges
Masscan all the ranges (common web ports)
Double check to verify hosts alive
Generate URL list
Bruteforce all the URLs

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

	"""
	# RITSEC CTF 2022 - Crypto - Bad AES
	## Custom AES implementation where Mix Columns and Shift Rows steps switch places

	A secret government agency uses a 16-letter passphrase that is encrypted
	to create their passwords for their computers. An insider within the agency
	told me that everyday employees input their passphrase into this secret
	encryption scheme to receive their password for the day & the key used to
	encrypt their passphrase is changed by the agency daily.
	(This is so their passwords change every day without the employee having

	#! /usr/bin/env python3

	import hashlib
	import threading


	def hash_buf(buf):
	return hashlib.sha256(buf).hexdigest()

	import os
	import subprocess
	import ctypes

	# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/

	svcinfo = {}
	nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
	FNULL = open(os.devnull, 'w')

	untrusted comment: HacKan minisign public key 8FE49E3814424F5C
	RWRcT0IUOJ7kj6AFLyI3pHmT6dhr+WN8C2FR6HguMmEK0MnsSImqSmjg