🇺🇦
#SlavaUkraini!

Oakchris1955 Oakchris1955

@hackermondev
hackermondev / writeup.md
Last active May 8, 2026 15:19
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@jbreckmckye
jbreckmckye / Cloudflare.md
Last active April 21, 2026 21:29
The CloudFlare outage was a good thing

The Cloudflare outage was a good thing

Cloudflare, the CDN provider, suffered a massive outage today. Some of the world's most popular apps and web services were left inaccessible for several hours whilst the Cloudflare team scrambled to fix a whole swathe of the internet.

And that might be a good thing.

The proximate cause of the outage was pretty mundane: a bad config file triggered a latent bug in one of Cloudflare's services. The file was too large (details still hazy) and this led to a cascading failure across Cloudflare operations. Probably there is some useful post-morteming about canary releases and staged rollouts.

@michabbb
michabbb / ssh-post-quantum-guide.md
Created November 15, 2025 18:31
SSH Post-Quantum Cryptography Configuration Guide - How to enable post-quantum key exchange and suppress OpenSSH warnings

SSH Post-Quantum Cryptography Configuration Guide

This guide explains how to configure SSH to use post-quantum cryptography and suppress related warnings.

Understanding the Warning

When connecting via SSH, you might see:

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
@Iksas
Iksas / crypto_miner_removal.md
Created October 29, 2025 16:17
Crypto miner removal

Crypto miner removal

This manual describes how to remove a trojan I came across on someone else's machine.

The trojan seems to contain a crypto miner, and spreads through infecting USB sticks.

Here are hashes of the trojan's main files:

svctrl64.exe:

  • md5: b88b2c61844a49fcc54727105ae9abac
@qntm
qntm / jsoncount.js
Last active April 25, 2026 09:15
How many valid JSON strings are there?
/**
Code for enumerating valid JSON strings.
Bounds checking is the responsibility of the caller.
The case N = 0 is intentionally not handled.
This code attempts to be somewhat readable without significantly impacting performance.
https://qntm.org/jsoncount
https://qntm.org/jsonutf8
*/
// This is a response on how to use Context-Generic Programming (CGP)
// to solve the specialization problem in the following blog post:
// https://oakchris1955.eu/posts/bypassing_specialization/
//
// More info available at https://contextgeneric.dev/.
use cgp::core::error::ErrorTypeProviderComponent;
use cgp::prelude::*;
// Redesign the FileSystem trait with CGP
@bagder
bagder / slop.md
Last active April 16, 2026 18:52
AI slop security reports submitted to curl

Slop

This collection is limited to only include the reports that were submitted as security vulnerabilities to the curl bug-bounty program on Hackerone.

Several other issues not included here are highly suspicious as well.

Reports

  1. [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet. #2199174
/* Numerically solve for the time-dependent Schrodinger equation in 2D,
using the split operator method. To build and run, type:
rustc qm2d_split_op.rs
./qm2d_split_op
This will output a series of bmp images which show each frame of the
simulation.
References:
@jart
jart / rename-pictures.sh
Created December 12, 2023 15:24
Shell script for renaming all images in a folder
#!/bin/sh
# rename-pictures.sh
# Author: Justine Tunney <jtunney@gmail.com>
# License: Apache 2.0
#
# This shell script can be used to ensure all the images in a folder
# have good descriptive filenames that are written in English. It's
# based on the Mistral 7b and LLaVA v1.5 models.
#
# For example, the following command:
@Xeukxz
Xeukxz / RevertUI.md
Last active January 13, 2026 20:58
Revert Discord UI

Updated Version:

If you want to download an older version, I've heard 205.15 works well. I recommend ApkMirror.

Using a modified app (Android & iOS friendly):

  1. Follow the instructions from https://github.com/vendetta-mod/Vendetta
  2. After the client is installed, navigate to Settings > Plugins, then click the +, and finally paste https://vd-plugins.github.io/proxy/maisymoe.github.io/strife/Experiments into the input and click Install
  3. Once the experiments plugin is enabled, reload the app then go to Settings > Experiments > Tabs V2 - redesign opt-out/in for all and select Control Bucket.

I've also heard enmity works well for iOS.