Dan danzek
@hawktrace
hawktrace / gist:76b3ea4275a5e2191e6582bdc5a0dc8b
Last active November 29, 2025 18:34
HawkTrace CVE-2025-59287
#!/usr/bin/env python3
import requests
import urllib3
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
import sys
import uuid
from xml.sax.saxutils import escape
@ecapuano
ecapuano / better_event_logging.ps1
Created March 1, 2025 17:50
A PowerShell script for installing Sysmon and enabling best-practice audit logs.
# ================================================
# Sysmon & Windows Event Log Configuration Script
# ================================================
# Check for administrative privileges
$currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($currentUser)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "This script requires administrative privileges. Please run as an administrator." -ForegroundColor Red
    exit 1
}
@hackermondev
hackermondev / research.md
Last active December 25, 2025 23:34
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@stong
stong / cups-browsed.md
Last active November 17, 2025 00:24
CUPS disclosure leaked online. Not my report. The original author is @evilsocket

Original report

  • Affected Vendor: OpenPrinting
  • Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
  • Affected Version: All versions <= 2.0.1 (latest release) and master.
  • Significant ICS/OT impact? no
  • Reporter: Simone Margaritelli [[email protected]]
  • Vendor contacted? yes. The vendor has been notified through GitHub Advisories and all bugs have been confirmed:
#!/usr/bin/env python3
import ctypes
import time
import threading

def test():
    def access(path):
        f = open(path, 'rb')
        __ = f.read(8192)
There appears to be a string encoded in the binary payload:
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115
Which functions as a killswitch:
https://piaille.fr/@zeno/112185928685603910
Thus, one workaround for affected systems might be to add this to `/etc/environment`:
@thesamesam
thesamesam / xz-backdoor.md
Last active December 25, 2025 23:58
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said, we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@meck-gd
meck-gd / cs_volatility_config.py
Created October 13, 2023 11:51
CobaltStrike Volatility Config Extractor
from __future__ import annotations
import re
from itertools import cycle

MAX_SETTINGS = 128

def load_mapping(filename: str) -> dict[int, int]:
    """Processes textual Volatility memmap output into a page mapping."""
@BushidoUK
BushidoUK / Malicious Hostnames.txt
Created June 14, 2023 21:19
Malicious Hostnames belonging to Malware Operators, Ransomware Groups, and Advanced Persistence Threats