Skip to content

Instantly share code, notes, and snippets.

View SanariSan's full-sized avatar
😯
1 2 Fizz 4 Buzz

SanariSan

😯
1 2 Fizz 4 Buzz
7 followers · 12 following
  • Georgia, Tbilisi
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active June 25, 2025 20:26
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@win3zz
win3zz / GitHub-Leaked-API-Keys-and-Secrets.md
Last active July 6, 2025 06:34

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@VV0JC13CH
VV0JC13CH / Ubuntu_fixes_for_lenovo_legion_5i-15 R7 32GB RAM 512GB RTX2060.md
Last active March 21, 2025 06:03

This is a collection of Ubuntu fixes for Lenovo Legion 5i

Tested on: Lenovo Legion 5i with below specs:
AMD® Ryzen 7 4800h with radeon graphics × 16
NVIDIA Corporation / NVIDIA GeForce RTX 2060/PCIe/SSE2

1. GPU ISSUES for RTX 2060:

nvidia-driver-470 - HDMI doesn't have to work from the beginning
nvidia-driver-495 - HDMI works from the beginning, unstable (random reboots)\

@avivace
avivace / telegramRestore.md
Last active July 6, 2025 10:39
Restore deleted Telegram messages from groups

to ask for help with python and/or executing this script, join discord: https://discord.gg/zpu7YUP3Um

Restore deleted Telegram messages, medias and files from groups

There's not telegram API method for this, we need to call MTProto methods to retrieve messages from the "Recent Actions" (Admin Log) since deleted messages (and medias) gets moved there for 48 hours before the permanent deletion.

from telethon import TelegramClient, events, sync
from telethon.tl.types import InputChannel, PeerChannel
@f0r34chb3t4
f0r34chb3t4 / keys.txt
Created April 9, 2019 16:42
Proxifier.txt
Portable Version KEYS:
P6Z3T-UYJC9-YAK3F-APN9M-6ZDSD
FGZPK-93CWX-Q33Y6-D5URV-YXC3X
9CZQX-9YAQA-PF33L-XVUQH-NSD48
8RZ3L-H3Y5L-W2RY5-Z5M8N-C7Z2U
CCZNU-LW3LF-K9V2T-MYZFF-94667
EWZM6-3W4UX-KH922-C96GK-VGBH2
Standard Version KEYS:
4AZNW-S2YHE-LLMWM-J6EL8-7QKDL
@anabadce
anabadce / alb-redirect-only.yaml
Created March 21, 2019 02:10
AWS CloudFormation template: ALB (Application Load Balancer) that only redirects requests (http and https) to new host, no targets
AWSTemplateFormatVersion: '2010-09-09'
Description: 'ALB Application Load Balancer for redirection only'
Parameters:
MyALBName:
Type: 'String'
Default: 'alb-redirect'
VPC:
Type: 'AWS::EC2::VPC::Id'
Default: 'vpc-********'
@jbsulli
jbsulli / GitHub spoiler markdown.md
Last active June 21, 2025 21:50

Demo:

Spoiler warning

Spoiler text. Note that it's important to have a space after the summary tag. You should be able to write any markdown you want inside the <details> tag... just make sure you close <details> afterward.

console.log("I'm a code block!");
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active July 5, 2025 17:15 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export your tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@moehlone
moehlone / make_writable.js
Created March 17, 2016 08:27
Make JavaScript readonly propertys writable (example for overwriting navigator.userAgent; useful for unit tests -> browser detection)
/**
* Creates a read/writable property which returns a function set for write/set (assignment)
* and read/get access on a variable
*
* @param {Any} value initial value of the property
*/
function createProperty(value) {
var _value = value;
/**
@pwlin
pwlin / gist:8a0d01e6428b7a96e2eb
Last active June 30, 2025 09:31
Android : add cert to system store
https://code.google.com/p/android/issues/detail?id=32696#c5
If you have a certificate that is not
trusted by Android, when you add it, it goes in the personal cert store.
When you add a cert in this personal cert store, the system requires a
higher security level to unlock the device. But if you manage to add your
cert to the system store then you don't have this requirement. Obviously,
root is required to add a certificate to the system store, but it is quiet
easy.