🌴
On a hiatus from open source

Jason Mitchell jasonmit

@hackermondev
hackermondev / zendesk.md
Last active November 19, 2024 13:18
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@johndturn
johndturn / PostLeads.md
Last active April 25, 2024 14:17
Post Leads to SFDC via JavaScript Fetch API and a Web-to-Lead form.

Post Leads to SFDC via JS Fetch API & Web-to-Lead

When working with Web-to-Lead forms, you might run into a situation where you'd like to integrate the form with your frontend framework (React, Vue, Angular, etc...). This can be accomplished quite easily using whatever HTTP library you're most comfortable with.

To demonstrate this, let's take a look at an example Web-to-Lead form, and the JavaScript required to post Leads to a SFDC org.

Example Form

<html lang="en">
@mackwage
mackwage / windows_hardening.cmd
Last active November 9, 2024 14:22
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run this on the computers of family members to secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@paulirish
paulirish / what-forces-layout.md
Last active November 19, 2024 08:58
What forces layout/reflow. The comprehensive list.

What forces layout / reflow

All of the below properties or methods, when requested/called in JavaScript, will trigger the browser to synchronously calculate the style and layout*. This is also called reflow or layout thrashing, and is a common performance bottleneck.

Generally, all APIs that synchronously provide layout metrics will trigger forced reflow / layout. Read on for additional cases and details.

Element APIs

Getting box metrics
  • elem.offsetLeft, elem.offsetTop, elem.offsetWidth, elem.offsetHeight, elem.offsetParent
@coopermaruyama
coopermaruyama / disable-netflix-pauses.js
Last active July 18, 2021 19:16
Netflix: Disable "Are you still watching?" pauses
// copy/paste into chrome console (alt+cmd+J) after the video starts playing.
setInterval(function() {
  var possibleButtons = document.getElementsByClassName('continue-playing');
  if (possibleButtons.length) {
    for (var i = 0; i < possibleButtons.length; i++) {
      if (/Continue Playing/.test(possibleButtons[i].textContent)) {
        var event = document.createEvent('HTMLEvents');
        event.initEvent('click', true, false);
        possibleButtons[i].dispatchEvent(event);
      }
@sindresorhus
sindresorhus / post-merge
Last active July 25, 2024 06:53
git hook to run a command after `git pull` if a specified file was changed. In this example it's used to run `npm install` if package.json changed and `bower install` if `bower.json` changed. Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
#!/usr/bin/env bash
# MIT © Sindre Sorhus - sindresorhus.com
# git hook to run a command after `git pull` if a specified file was changed
# Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
  echo "$changed_files" | grep --quiet "$1" && eval "$2"