Skip to content

Instantly share code, notes, and snippets.

View julianxhokaxhiu's full-sized avatar
🚀
Impossible Is Nothing.

Julian Xhokaxhiu julianxhokaxhiu

🚀
Impossible Is Nothing.
View GitHub Profile
@JGoyd
JGoyd / Apple System Data on AWS.md
Last active September 26, 2025 15:47
Public DNS evidence shows Apple’s Safari, Spotlight, and Maps configuration data (api.smoot.apple.com) terminates on Amazon AWS (AS16509).

Apple Safari, Spotlight, and Maps Data Found Terminating on AWS — Not Apple’s Own Servers

Date: 2025-09-25 22:22 UTC

Researcher: Joseph Goydish II


Summary

Bank‑Based Anonymous Age Verification (BAV)

A zero‑storage, privacy‑preserving age check that leverages banks’ existing KYC — with the user as the transport layer.


TL;DR

  • Banks sign an age claim, not an identity. They never learn which site you’re visiting.
  • Merchants verify a short‑lived token against their own nonce and a one‑time WebAuthn key. No database required.
@hackermondev
hackermondev / zendesk.md
Last active September 26, 2025 09:58
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@adtac
adtac / Dockerfile
Last active July 13, 2025 20:06
#!/usr/bin/env docker run
#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"
# syntax = docker/dockerfile:1.4.0
FROM node:20
WORKDIR /root
RUN npm install sqlite3

Ad-free Twitter

Inject this css snippet to remove all ads from your Twitter timeline.

div[data-testid="placementTracking"]:has(path[d="M19.498 3h-15c-1.381 0-2.5 1.12-2.5 2.5v13c0 1.38 1.119 2.5 2.5 2.5h15c1.381 0 2.5-1.12 2.5-2.5v-13c0-1.38-1.119-2.5-2.5-2.5zm-3.502 12h-2v-3.59l-5.293 5.3-1.414-1.42L12.581 10H8.996V8h7v7z"]) {
  display: none;
}
@rolisz
rolisz / mic_check.py
Created February 2, 2023 15:41
Script to alert on microphone loudness
import time
from collections import deque
import numpy as np
import sounddevice as sd
from beepy import beep
from infi.systray import SysTrayIcon
last_alert = time.time() - 10
q = deque(maxlen=200)
@milesrichardson
milesrichardson / inherit_environment_variables_from_pid_1.md
Created January 21, 2023 07:35
inherit environment variables from PID 1

You can inherit the environment variables from PID 1 by iterating over the list of null-terminated strings in /proc/1/environ, parsing the first characters up to the first = as the variable name, setting the remaining value as that variable, and exporting it.

The Code Snippet

This works with multiline environment variables, and environment variables with arbitrary values, like strings, including = or JSON blobs.

Paste this in your current terminal session to inherit the environment variables from PID 1:

MD5 Collision with CRC32 Preimage

Here's the scenario: We want to craft two different messages with the same MD5 hash, and a specific CRC32 checksum, simultaneously.

In other words, we want an MD5 collision attack and a CRC32 preimage attack.

This might seem like a contrived scenario, but it's exactly the one I faced while producing my PNG hashquine (Yes OK maybe that's also a contrived scenario, cut me some slack).

On its own, a CRC32 preimage attack is trivial. You can craft a 4-byte suffix that gives any message a specific checksum, calculated using a closed-form expression (which I am too lazy to derive, not even with assistance from Z3). It's not an attack per-se, since CRC32 was never meant to be cryptograpically secure in the first place.

@TheBrokenRail
TheBrokenRail / README.md
Last active September 17, 2025 06:44
Jailbreak Firefox!

Jailbreak-Firefox

This script allows you to install unsigned extensions (ones that aren't approved by Mozilla) on normal Firefox builds and the official Snap! That's right, no "Firefox Developer Edition" nonsense required!

⚠️ Disclaimer ⚠️

This script is not well tested, like at all. This script might break things, possibly important things. You should probably take a backup of your Firefox profile before using it. You have been warned.

Dependencies

sudo apt install -y curl unzip zip
# Only needed when jailbreaking the Snap
@timothyandrew
timothyandrew / dns.go
Created July 29, 2022 14:46
Barebones Recursive DNS Resolver
package main
import (
"fmt"
"math/rand"
"os"
"github.com/miekg/dns"
)