Skip to content

Instantly share code, notes, and snippets.

View MatthewCallis's full-sized avatar
🍖
Hungry Goriya

Matthew Callis MatthewCallis

🍖
Hungry Goriya
144 followers · 181 following
View GitHub Profile
@shgysk8zer0
shgysk8zer0 / idb.js
Created January 23, 2025 02:40
/**
* Opens an IDB Cursor as an asynchronous iterable, allowing iteration over the results of a database query.
*
* @async
* @generator
* @param {IDBDatabase} db The IndexedDB database.
* @param {string} storeName The name of the object store.
* @param {object} [options] Options for the cursor.
* @param {IDBTransactionMode} [options.mode="readonly"] The transaction mode.
* @param {IDBTransactionDurability} [options.durability="default"] The transaction durability.
@hackermondev
hackermondev / research.md
Last active April 2, 2025 21:08
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@SMUsamaShah
SMUsamaShah / list_of_p2p_file_sharing.md
Last active April 2, 2025 12:35
List of P2P file sharing tools

Browser Based

  1. Web Wormhole https://webwormhole.io/ https://github.com/saljam/webwormhole
  2. ToffeeShare https://toffeeshare.com/
  3. FilePizza https://file.pizza/
  4. ShareDrop sharedrop.io https://github.com/szimek/sharedrop (SOLD, not recommended, use one of the forks)
    1. A clone SnapDrop snapdrop.net https://github.com/RobinLinus/snapdrop (SOLD, not recommended, use one of the forks)
      1. A fork PairDrop https://pairdrop.net/ https://github.com/schlagmichdoch/pairdrop
  5. Instant.io https://instant.io/
  6. FileTC https://file.tc/
@entropie
entropie / ytfifo.rb
Last active May 13, 2024 15:34
#!/usr/bin/env ruby
# this scripts acts as a wrapper for a little daemon that reads a fifo;
#
# If called without allready running it starts a background daemon and
# downloads the argument, then proceeds to watch the fifo for more.
#
# We esnure that the script is only running once and only one dl at a time.
FIFO = "/home/ha/.ytfifo"
@Widdershin
Widdershin / ssr.md
Last active May 1, 2024 17:36
The absurd complexity of server-side rendering

In the olden days, HTML was prepared by the server, and JavaScript was little more than a garnish, considered by some to have a soapy taste.

After a fashion, it was decided that sometimes our HTML is best rendered by JavaScript, running in a user's browser. While some would decry this new-found intimacy, the age of interactivity had begun.

But all was not right in the world. Somewhere along the way, we had slipped. Our pages went uncrawled by Bing, time to first meaningful paint grew faster than npm, and it became clear: something must be done.

And so it was decided that the applications first forged for the browser would also run on the server. We would render our HTML using the same logic on the server and the browser, and reap the advantages of both worlds. In a confusing series of events a name for this approach was agreed upon: Server-side rendering. What could go wrong?

In dark rooms, in hushed tones, we speak of colours.

@mmazzarolo
mmazzarolo / globals-debugger.js
Last active April 13, 2023 18:02
Track down the JavaScript code responsible for polluting the global scope (see: https://mmazzarolo.com/blog/2022-02-16-track-down-the-javascript-code-responsible-for-polluting-the-global-scope/)
/**
* GlobalsDebugger
*
* Inspect the stack when a global variable is being set on the window object.
* Given a global variable name, it proxies the variable name in the window
* object adding some custom code that will be invoked whenever the variable
* is set. The custom code will log the current stack trace and halt the code
* execution to allow inspecting the stack and context in your browser DevTools.
* You can use the "globalsToInspect" query-parameter to set a comma-separated
* list of names of the variables you want to inspect.
@DavidWells
DavidWells / javascript-proxy-as-rest-client.js
Last active May 12, 2024 14:24
Using a javascript proxy as low code REST client
/* Using a JavaScript proxy for a super low code REST client */
// via https://dev.to/dipsaus9/javascript-lets-create-aproxy-19hg
// also see https://towardsdatascience.com/why-to-use-javascript-proxy-5cdc69d943e3
// also see https://github.com/fastify/manifetch
// also see https://github.com/flash-oss/allserver
// and https://gist.github.com/v1vendi/75d5e5dad7a2d1ef3fcb48234e4528cb
const createApi = (url) => {
return new Proxy({}, {
get(target, key) {
@unrealwill
unrealwill / collisionLSH.py
Created August 8, 2021 10:20
Proof of Concept : generating collisions on a neural perceptual hash
import tensorflow as tf #We need tensorflow 2.x
import numpy as np
#The hashlength in bits
hashLength = 256
def buildModel():
#we can set the seed to simulate the fact that this network is known and doesn't change between runs
#tf.random.set_seed(42)
model = tf.keras.Sequential()
@veggiedefender
veggiedefender / CANCEL_THE_ICE_CONTRACT.jpg
Last active April 21, 2023 17:13
CANCEL_THE_ICE_CONTRACT.jpg
@prologic
prologic / LearnGoIn5mins.md
Last active February 12, 2025 06:52
Learn Go in ~5mins