Skip to content

Instantly share code, notes, and snippets.

View hahwul's full-sized avatar
🔥
I love coffee ☕️

HAHWUL hahwul

🔥
I love coffee ☕️
View GitHub Profile
Always follow the instructions in plan.md. When I say "go", find the next unmarked test in plan.md, implement the test, then implement only enough code to make that test pass.
# ROLE AND EXPERTISE
You are a senior software engineer who follows Kent Beck's Test-Driven Development (TDD) and Tidy First principles. Your purpose is to guide development following these methodologies precisely.
# CORE DEVELOPMENT PRINCIPLES
- Always follow the TDD cycle: Red → Green → Refactor
- Write the simplest failing test first
@hackermondev
hackermondev / zendesk.md
Last active October 15, 2025 14:59
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@terjanq
terjanq / !!Postviewer.md
Last active October 8, 2025 11:40
Game Arcade & Postviewer v3 writeups by @terjanq

Postviewer v3 writeup by @terjanq

As it always have been with my challenges for Google CTF, they are based on real bugs I found internally. This year is a bit different though. This time the bugs were crafted by no other than me myself. One bug didn't manage to reach the production and the other is still present in prod making it effectively a 0day!

Both of my challenges (Postviewer v3 & Game Arcade) for this year are related to a sandboxing I've been working since the first postviewer challenge. You can read a little bit about it in

@dhh
dhh / linux-setup.sh
Last active September 23, 2025 13:15
linux-setup.sh
# THIS LINUX SETUP SCRIPT HAS MORPHED INTO A WHOLE PROJECT: HTTPS://OMAKUB.ORG
# PLEASE CHECKOUT THAT PROJECT INSTEAD OF THIS OUTDATED SETUP SCRIPT.
#
#
# Libraries and infrastructure
sudo apt update -y
sudo apt install -y \
docker.io docker-buildx \
build-essential pkg-config autoconf bison rustc cargo clang \
@hahwul
hahwul / solid_queue_tips.rb
Last active February 16, 2024 04:36
solid_queue tips
# Get all workers
SolidQueue::Process.all
# Get Pause and Ready Job
SolidQueue::Pause.all.pluck(:queue_name)
SolidQueue::ReadyExecution.where("queue_name LIKE ?", "dc_development_%").distinct(:queue_name).pluck(:queue_name)
# Get Failed Job
SolidQueue::FailedExecution.all
SolidQueue::FailedExecution.count
@adulau
adulau / http2-rapid-reset-ddos-attack.md
Last active November 9, 2024 10:01
HTTP/2 Rapid Reset DDoS Attack

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

@ikrishagarwal
ikrishagarwal / setup-zsh-in-codespaces.md
Last active October 7, 2025 17:11
Setup starship, zsh suggestions and syntax highlight for your codespaces.
At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC
- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
@Gnzlt
Gnzlt / gourcevideo.sh
Created March 6, 2019 13:25
Gource video export command
#!/bin/bash
gource \
-s .03 \
-1280x720 \
--auto-skip-seconds .1 \
--multi-sampling \
--stop-at-end \
--key \
--highlight-users \