Skip to content

Instantly share code, notes, and snippets.

View jpillora's full-sized avatar
👶

Jaime Pillora jpillora

👶
1.6k followers · 80 following
View GitHub Profile
@jpillora
jpillora / test.js
Last active April 6, 2024 01:27
async javascript test
const MAX_INFLIGHT = 4;
const TOTAL = 100;
// the given dummy api supports a maximum of 4 of inflight requests.
// the given code is correct, but it is slow because it processes elements serially.
// your task is to process 100 elements as fast as possible.
// run this code with "node/bun test.js".
// it should print "pass".
// no external dependencies are allowed.
async function run(elements) {
// ============
@hackermondev
hackermondev / research.md
Last active May 8, 2025 17:41
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k