Skip to content

Instantly share code, notes, and snippets.

View TheLastZombie's full-sized avatar

Sunny TheLastZombie

177 followers · 317 following
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active September 18, 2025 04:05
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@izabera
izabera / bash_quiz.md
Last active January 6, 2025 17:46

This is from man bash:

A pipeline is a sequence of one or more commands separated by one of the control operators | or |&. The format for a pipeline is:

[ time [ -p ]] [ ! ] command [ [ | | |& ] command2 ... ]

This is the only place in which ! can appear. It never prefixes commands, it prefixes pipelines.

@rendello
rendello / _utf8_case_data.rs
Last active March 11, 2025 21:53
Unicode codepoints that expand or contract when case is changed in UTF-8. Good for testing parsers. Includes the data `utf8_case_data.rs` and the script to generate it, `generate_utf8.py`.
/*
Copyright (c) 2024 Rendello
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
@marcelofern
marcelofern / converter.c
Created August 26, 2024 09:39
Website converter (.md -> .html)
/* converter.c
*
* This code converts `.md` files into `.html` files.
*
* The main use is to write a static website in `.md` files, and then run this
* program to convert it to `.html`
*
* The program relies on the following variables:
*
* - INPUT_FOLDER: full path of the website with `.md` files.
@DjMaxd
DjMaxd / gist:948e84dd4a2c29872e51110df8a92610
Created July 20, 2024 00:35
////////////[!DISCLAIMER!]////////////
90-70% of Bloodlight lore is collected here.
Information taken from the author's X.com (https://x.com/00_Homura), PillowFort (https://www.pillowfort.social/02_Homura) and RetroSpring (https://retrospring.net/@H0mura).
Most information is provided in Q/A format without user names or separations. The only separations are my "map legend" and an empty paragraph between pieces of lore.
Also, some information is provided simply in the form of copied text under the author’s posts.
The main focus was on the world setting and Mother Almonde. So there is either no information on some characters at all, or just a little bit.
@timothyham
timothyham / ipv6guide.md
Last active September 25, 2025 15:15
A Short IPv6 Guide for Home IPv4 Admins

A Short IPv6 Guide for Home IPv4 Admins

This guide is for homelab admins who understand IPv4s well but find setting up IPv6 hard or annoying because things work differently. In some ways, managing an IPv6 network can be simpler than IPv4, one just needs to learn some new concepts and discard some old ones.

Let’s begin.

First of all, there are some concepts that one must unlearn from ipv4:

Concept 1

@NoobGajen
NoobGajen / EndeavourOS to Arch Linux.MD
Last active August 12, 2025 01:59 — forked from sun-jiao/endeavour-to-arch-guide.MD
Converting EndeavourOS to ArchLinux

First of all, uninstall the eos-hooks package, which keeps changing the data of /etc/os-release from a hook while installing base packages.

sudo pacman -R eos-hooks

Reinstall the base package group:

sudo pacman -Syyu --noconfirm archlinux-keyring bash bzip2 lsb-release coreutils file filesystem findutils gawk gcc-libs gettext glibc grep gzip iproute2 iputils licenses pacman pciutils procps-ng psmisc sed shadow systemd systemd-sysvcompat tar util-linux xz linux
@sgammon
sgammon / gist:ec604c3fabd1a22dd3cdc381b736b03e
Created March 31, 2024 03:25
XZ mitigation
There appears to be a string encoded in the binary payload:
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115
Which functions as a killswitch:
https://piaille.fr/@zeno/112185928685603910
Thus, one workaround for affected systems might be to add this to `/etc/environment`:
```
@smx-smx
smx-smx / XZ Backdoor Analysis
Last active June 2, 2025 22:53
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@lietu
lietu / scan_liblzma.sh
Last active March 29, 2024 20:49
Find libraries and binaries that depend on liblzma.so.5 (or other infected libraries)
#!/usr/bin/env bash
# Likely only works on Linux due to GNU Find, probably needs to be ported for BSD utils
OPTIONAL_FIND_ARGS=-xdev # Remove if you don't have slow remote mounts etc.
# Start with liblzma
LIBS=liblzma.so.5
LIB_DIRS="/usr/lib /lib"
BIN_DIRS="/usr/bin /bin /usr/local/bin"