Date: 2025-09-25 22:22 UTC
Researcher: Joseph Goydish II
A zero‑storage, privacy‑preserving age check that leverages banks’ existing KYC — with the user as the transport layer.
hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:
If you've spent some time online, you’ve probably come across Zendesk.
Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.
Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.
#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"
# syntax = docker/dockerfile:1.4.0
FROM node:20
WORKDIR /root
RUN npm install sqlite3
Inject this CSS snippet to remove all ads from your Twitter timeline.
div[data-testid="placementTracking"]:has(path[d="M19.498 3h-15c-1.381 0-2.5 1.12-2.5 2.5v13c0 1.38 1.119 2.5 2.5 2.5h15c1.381 0 2.5-1.12 2.5-2.5v-13c0-1.38-1.119-2.5-2.5-2.5zm-3.502 12h-2v-3.59l-5.293 5.3-1.414-1.42L12.581 10H8.996V8h7v7z"]) {
  display: none;
}
import time
from collections import deque
import numpy as np
import sounddevice as sd
from beepy import beep
from infi.systray import SysTrayIcon
last_alert = time.time() - 10
q = deque(maxlen=200)
You can inherit the environment variables from PID 1 by iterating over the list of null-terminated strings in /proc/1/environ, parsing the first characters up to the first = as the variable name, setting the remaining value as that variable, and exporting it.
The Code Snippet
This works with multiline environment variables, and environment variables with arbitrary values, like strings, including = or JSON blobs.
Paste this in your current terminal session to inherit the environment variables from PID 1:
Here's the scenario: We want to craft two different messages with the same MD5 hash, and a specific CRC32 checksum, simultaneously.
In other words, we want an MD5 collision attack and a CRC32 preimage attack.
This might seem like a contrived scenario, but it's exactly the one I faced while producing my PNG hashquine (Yes OK maybe that's also a contrived scenario, cut me some slack).
On its own, a CRC32 preimage attack is trivial. You can craft a 4-byte suffix that gives any message a specific checksum, calculated using a closed-form expression (which I am too lazy to derive, not even with assistance from Z3). It's not an attack per se, since CRC32 was never meant to be cryptographically secure in the first place.
This script allows you to install unsigned extensions (ones that aren't approved by Mozilla) on normal Firefox builds and the official Snap! That's right, no "Firefox Developer Edition" nonsense required!
This script is not well tested, like at all. This script might break things, possibly important things. You should probably take a backup of your Firefox profile before using it. You have been warned.
sudo apt install -y curl unzip zip
# Only needed when jailbreaking the Snap
package main
import (
	"fmt"
	"math/rand"
	"os"
	"github.com/miekg/dns"
)