Skip to content

Instantly share code, notes, and snippets.

View hackermondev's full-sized avatar
🛠️
building

daniel hackermondev

🛠️
building
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active March 30, 2025 21:34
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@hackermondev
hackermondev / zendesk.md
Last active March 24, 2025 13:09
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@hackermondev
hackermondev / n
Created September 27, 2024 12:48
n
OTc5MTY3MDA4NDk3MjI5ODQ0.GVt1b-.ajuAoBYZ-SEePbEhVu5GheUEN2FIjbWpS2GENw
MTA5MjUzMDM2NDQ1MjQ0NjI2MQ.GLmcyD.xUHHhnlj4uJXD9RgC2RX-PunqkoL0FKpUWxlVI
MTEzNjg3NzQ2ODY2MjM4Njc5MQ.GIII8w.IX0G-OTtbm3Ua9RmTiAbmJbINlYzLWw2AM_Goc
OTAyMjM5MzMzMDY5NzcwODEz.Iohkn8ZA_SsNAkd0kxO8r2STCKI
OTAyMjM5MzMzMDY5NzcwODEz.GD7Ptw.wQSPcOpBXwMoBpMvSjh_NT22EV9roPrQErL3ZQ
@hackermondev
hackermondev / ClydeAI-Jailbreak.md
Last active January 26, 2025 06:49
Discord ClydeAI jailbreak
MTA2NDUzMTg1Mjc1ODYzNDYyNw.GzpILk.FjMWJY3HI5P9o1oLx71kA1BWgfg8o2r92lF8dE
@hackermondev
hackermondev / api endpoints.md
Last active March 16, 2025 21:16
discord api endpoints

List of every single Discord API endpoint used on the client

Last updated: August 16, 2023

https://discord.com/api/v9

Endpoint Name path