Skip to content

Instantly share code, notes, and snippets.

View Neos21's full-sized avatar
:octocat:
https://neos21.net/

Neos21 Neos21

:octocat:
https://neos21.net/
313 followers · 2k following
View GitHub Profile
@zachlatta
zachlatta / almost_pwned.md
Last active March 6, 2025 15:47

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / research.md
Last active March 11, 2025 23:10
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@ogadra
ogadra / README.md
Last active January 2, 2025 12:38
RaycastのSnippetsで絵文字を出すやつ

これはなに

RaycastのSnippetsを利用して、絵文字スニペットに対応していないアプリケーションでも絵文字を:hoge:の形式で出せるようにする設定ファイルです。

設定方法

RaycastのImport Snippetsより、emoji_aliases.jsonを読み込みます。

使い方

@hitalin
hitalin / flake.nix
Created November 19, 2024 22:49
set misskey development environment by nix flake
{
description = "Misskey development environment";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachDefaultSystem (system:
@philschmid
philschmid / openai_meta.txt
Created October 2, 2024 06:38
Leaked meta prompt, seen at https://x.com/amebagpt/status/1841177927569838519
Understand the Task: Grasp the main objective, goals, requirements, constraints, and expected output.
- Minimal Changes: If an existing prompt is provided, improve it only if it's simple. For complex prompts, enhance clarity and add missing elements without altering the original structure.
- Reasoning Before Conclusions: Encourage reasoning steps before any conclusions are reached. ATTENTION! If the user provides examples where the reasoning happens afterward, REVERSE the order! NEVER START EXAMPLES WITH CONCLUSIONS!
- Reasoning Order: Call out reasoning portions of the prompt and conclusion parts (specific fields by name). For each, determine the ORDER in which this is done, and whether it needs to be reversed.
- Conclusion, classifications, or results should ALWAYS appear last.
- Examples: Include high-quality examples if helpful, using placeholders [in brackets] for complex elements.
- What kinds of examples may need to be included, how many, and whether they are complex enough to benefit from p
@ryozi-tn
ryozi-tn / win11.reg
Last active October 15, 2024 19:08
Windows11の鬱陶しい動きを消すやつを説明付きでほしかったので書いた
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
; システム > 通知 > 追加の設定 > "更新後およびサインイン時に Windows のウェルカムエクスペリエンスを表示して、新機能と提案を表示する"を無効(0)
"SubscribedContent-310093Enabled"=dword:00000000
; システム > 通知 > 追加の設定 > "Windowsを使用する際のヒントや提案を入手する"を無効(0)
"SubscribedContent-338388Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
; 個人用設定 > スタート > "スタート画面にアカウント関連の通知を時々表示する"を無効(0)にする
@35enidoi
35enidoi / emoji_detect_bot.py
Last active October 14, 2024 11:29
import asyncio
import logging
from collections import deque
from typing import Union
from time import time, sleep
from brcore import Bromine
from requests.exceptions import Timeout, ConnectionError
from misskey import (
Misskey,
@azu
azu / README.md
Last active February 2, 2025 14:23
Node.jsのTypeScriptサポートについて
@chottokun
chottokun / llama3-1-arrowse-v0-4.ipynb
Created July 25, 2024 14:09
Llama3.1-ArrowSE-v0.4.ipynb
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@EdamAme-x
EdamAme-x / achievement.misskey.ts
Created July 20, 2024 09:12
Misskey Achivement Getter
const token = document.cookie.split("; ").map(c => c.startsWith("token=") ? c.split("=").pop() : null).filter(Boolean).shift()
const alist = [
'notes1',
'notes10',
'notes100',
'notes500',
'notes1000',
'notes5000',
'notes10000',