Skip to content

Instantly share code, notes, and snippets.

View bhattisatish's full-sized avatar

Satish Bhat bhattisatish

33 followers · 28 following
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active November 16, 2024 12:28
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@owulveryck
owulveryck / transcription.md
Last active June 26, 2024 02:28
Dave Snowden's Organization, Collective, Decision
@cpursley
cpursley / postgresql_is_enough.md
Last active November 14, 2024 15:32
Postgres is Enough
@evadne
evadne / lecture.md
Last active October 4, 2023 23:24
How to Sell Elixir (2023)

How to Sell Elixir AGAIN (2023)

Presented by Evadne Wu at Code BEAM Lite in Stockholm, Sweden on 12 May 2023

Synopsis

We have celebrated 10 years of Elixir and also nearly 25 years of Erlang since the open source release in December 1998.

Most of the libraries that were needed to make the ecosystem viable have been built, talks given, books written, conferences held and training sessions provided. A new generation of companies have been built on top of the Elixir / Erlang ecosystem. In all measures, we have achieved further reach and maturity than 5 years ago.

@kconner
kconner / macOS Internals.md
Last active November 13, 2024 07:51
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@eyeseast
eyeseast / python.md
Last active May 6, 2024 17:11
How to set up Python in 2022

I have an updated version of this on my blog here: https://chrisamico.com/blog/2023-01-14/python-setup/.

Python

This is my recommended Python setup, as of Fall 2022. The Python landscape can be a confusing mess of overlapping tools that sometimes don't work well together. This is an effort to standardize our approach and environments.

Tools and helpful links:

  • Python docs: https://docs.python.org/3/
  • Python Standard Library:  - Start here when you're trying to solve a specific problem
@aileftech
aileftech / hex-colors.txt
Created October 1, 2022 18:10
A Bash one-liner to produce a list of HEX color codes that read like (supposedly) valid English words
$ grep -P "^[ABCDEFabcdefOoIi]{6,6}$" /usr/share/dict/words | tr 'OoIi' '0011' | tr '[:lower:]' '[:upper:]' | awk '{print "#" $0}'
#ACAD1A
#B0BB1E
#DEBB1E
#AB1DED
#ACAC1A
#ACCEDE
#AC1D1C
#BAB1ED
#BA0BAB
@kermitsxb
kermitsxb / NEST-FULL-COVERAGE.md
Created August 30, 2022 07:23
NestJS coverage configuration for combined unit & e2e test runs

Setup

  1. Edit package.json Jest configuration as shown below. The big points are to ensure you have a json reporter and to ensure your coverage is stored in a unique directory for unit tests (in this config its coverage/unit. Also, add the development dependencies shown as they are required for the merge script.
  2. Edit your e2e configuration (test/jest-e2e.json) as shown below. The required "trick" was to ensure that rootDir's subtree includes paths for the e2e tests as well as an source you want to generate coverage for. Using the parent directory includes both test and src so this works. I tried many other methods, like setting collectCoverageFrom to ../src, none of them worked. It appears you must use the parent directory and exclude everything you don't want. Note that it also uses a unique directory for its generated coverage data (coverage/e2e).
  3. Add merge-coverage.ts shown below to your project and run it after you've ran both test sets generating coverage.
@moyix
moyix / killbutmakeitlooklikeanaccident.sh
Created February 5, 2022 22:51
Script to inject an exit(0) syscall into a running process. NB: only x86_64 for now!
#!/bin/bash
gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'
@tuansoibk
tuansoibk / cryptography-file-formats.md
Last active September 22, 2024 14:54
Cryptography material conversion and verification commands
  1. Introduction
  2. Standards
  3. Common combinations
  4. Conversion
  5. Verification/Inspection
  6. Tips for recognising

Introduction

It happens that there are many standards for storing cryptography materials (key, certificate, ...) and it isn't always obvious to know which standard is used by just looking at file name extension or file content. There are bunch of questions on stackoverflow asking about how to convert from PEM to PKCS#8 or PKCS#12, while many tried to answer the questions, those answers may not help because the correct answer depends on the content inside the PEM file. That is, a PEM file can contain many different things, such as an X509 certificate, a PKCS#1 or PKCS#8 private key. The worst-case scenario is that someone just store a non-PEM content in "something.pem" file.