Skip to content

Instantly share code, notes, and snippets.

View ibrahimsn98's full-sized avatar
🐙

İbrahim Süren ibrahimsn98

🐙
483 followers · 94 following
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active March 2, 2025 16:06
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@scorpion1201
scorpion1201 / install-speedtest-arm64.sh
Last active September 18, 2024 19:36
#!/bin/bash
curl "https://install.speedtest.net/app/cli/ookla-speedtest-1.1.1-linux-aarch64.tgz" | tar xzv
cp speedtest /usr/sbin
@ynott
ynott / multipass-on-bridged-network.md
Last active December 29, 2024 03:29
Instructions for running multipass on a bridge network

1. Environmental information

  • OS: Ubuntu 20.04.2 LTS (GNU/Linux 5.8.0-59-generic x86_64)
  • Network: 192.168.xxx.0/24
  • Ubuntu multipass host machine IP: 192.168.xxx.yyy(static IP)
  • NIC: enp2s0(bridge host NIC)
  • Bridge NIC:br0

2. Prerequisites

@Gnzlt
Gnzlt / OffsetPageTransformer.kt
Last active December 13, 2024 13:50
Android ViewPager2 PageTransformer to show multiple pages at the same time
package com.example
import android.view.View
import android.view.ViewGroup
import androidx.annotation.Px
import androidx.core.view.ViewCompat
import androidx.core.view.updateLayoutParams
import androidx.recyclerview.widget.RecyclerView
import androidx.viewpager2.widget.ViewPager2
@mkfares
mkfares / docker-swarm-configs.md
Created August 16, 2020 12:37
Docker Swarm - Managing Configurations

Docker Swarm - Managing Configurations

Docker allows storing configurations outside docker images and running containers. This feature, named configs, eliminates the need to use volumes, bind-mount, or environment variables to pass configurations to containers.

The configs have the following characteristics:

  • Configs are not encrypted (secrets are encrypted)
  • Config values can be strings or binary data
  • Config values have maximum size of 500 kB
  • Configs are mounted as a file in the container filesystem. The default location is /<config-name> in the container
  • Configs can be added or removed from a service at any time
@nhtua
nhtua / 00.install-android-sdk.sh
Last active February 15, 2025 14:22
Run a Headless Android Device on Ubuntu server (no GUI)
#!/bin/bash -i
#using shebang with -i to enable interactive mode (auto load .bashrc)
set -e #stop immediately if any error happens
# Install Open SDK
apt update
apt install openjdk-8-jdk -y
update-java-alternatives --set java-1.8.0-openjdk-amd64
java -version
@eybisi
eybisi / get_payload.py
Created December 12, 2018 16:18
get decrypted payload from all apk files
#get apks from server? wget -np -e robots=off -m site.com/apk/folder/
#Place all apks in the same dir as py file or change os.listdir parameter
#you can get del.js from my repo https://github.com/eybisi/fridaScripts/blob/master/del.js
import os
from androguard.core.bytecodes import apk
import frida
import time
device = frida.get_usb_device()
files = [f for f in os.listdir("./")]
for f in files:
@ameerhamza6733
ameerhamza6733 / AdmobConsentSimple
Last active June 8, 2020 15:05
Simple for Consent sdk android admob
/*https://www.youtube.com/watch?v=_JOapnq8hrs&t=852s
video tutorial for consent sdk android
*/
/*https://www.youtube.com/watch?v=_JOapnq8hrs&t=852s
If you want i do your job you can hair me any time at Upwork.com: https://www.upwork.com/o/profiles/users/_~01cdffbf3d8a9ad74b/
@soulmachine
soulmachine / jwt-expiration.md
Last active January 9, 2025 12:03
How to deal with JWT expiration?

First of all, please note that token expiration and revoking are two different things.

  1. Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
  2. Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to hadle JWT expiration

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.

Quoted from JWT RFC:

@chrisbanes
chrisbanes / FixAppBarLayoutBehavior.java
Last active January 6, 2024 10:10
Fixed AppBarLayout.Behavior for https://issuetracker.google.com/66996774
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software