@tchebb
tchebb / chromecast-ica-3.pem
Last active March 11, 2025 23:18
Chromecast 2 intermediate CA certificate (expired March 9th, 2025)
-----BEGIN CERTIFICATE-----

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / research.md
Last active May 8, 2025 17:41
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@chamlis
chamlis / communityworld
Last active April 15, 2025 17:53
All the Packages
2bwm-doc=0.3-r2
2bwm=0.3-r2
6tunnel-doc=0.13-r2
6tunnel=0.13-r2
7zip-doc=23.01-r0
7zip=23.01-r0
R-dev=4.4.0-r0
R-doc=4.4.0-r0
R-mathlib=4.4.0-r0
R=4.4.0-r0
@hackermondev
hackermondev / zendesk.md
Last active May 3, 2025 05:23
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

This is from man bash:

A pipeline is a sequence of one or more commands separated by one of the control operators | or |&. The format for a pipeline is:

[ time [ -p ]] [ ! ] command [ [ | | |& ] command2 ... ]

This is the only place in which ! can appear. It never prefixes commands, it prefixes pipelines.

@rendello
rendello / _utf8_case_data.rs
Last active March 11, 2025 21:53
Unicode codepoints that expand or contract when case is changed in UTF-8. Good for testing parsers. Includes the data `utf8_case_data.rs` and the script to generate it, `generate_utf8.py`.
/*
Copyright (c) 2024 Rendello
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
@marcelofern
marcelofern / converter.c
Created August 26, 2024 09:39
Website converter (.md -> .html)
/* converter.c
*
* This code converts `.md` files into `.html` files.
*
* The main use is to write a static website in `.md` files, and then run this
* program to convert it to `.html`
*
* The program relies on the following variables:
*
* - INPUT_FOLDER: full path of the website with `.md` files.
////////////[!DISCLAIMER!]////////////
90-70% of Bloodlight lore is collected here.
Information taken from the author's X.com (https://x.com/00_Homura), PillowFort (https://www.pillowfort.social/02_Homura) and RetroSpring (https://retrospring.net/@H0mura).
Most information is provided in Q/A format without user names or separations. The only separations are my "map legend" and an empty paragraph between pieces of lore.
Also, some information is provided simply in the form of copied text under the author’s posts.
The main focus was on the world setting and Mother Almonde. So there is either no information on some characters at all, or just a little bit.
@timothyham
timothyham / ipv6guide.md
Last active May 5, 2025 08:08
A Short IPv6 Guide for Home IPv4 Admins

This guide is for homelab admins who understand IPv4 well but find setting up IPv6 hard or annoying because things work differently. In some ways, managing an IPv6 network can be simpler than IPv4; one just needs to learn some new concepts and discard some old ones.

Let’s begin.

First of all, there are some concepts that one must unlearn from IPv4:

Concept 1