Skip to content

Instantly share code, notes, and snippets.

View kashif-ghafoor's full-sized avatar
🏠
Working from home

Kashif Ghafoor kashif-ghafoor

🏠
Working from home
37 followers · 226 following
View GitHub Profile
@cablej
cablej / default.md
Created June 21, 2025 18:46
Cluely System prompt

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

  • NEVER use meta-phrases (e.g., "let me help you", "I can see that").
  • NEVER summarize unless explicitly requested.
  • NEVER provide unsolicited advice.
  • NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
  • ALWAYS be specific, detailed, and accurate.
@hackermondev
hackermondev / research.md
Last active July 9, 2025 01:15
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@0xdevalias
0xdevalias / _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active July 11, 2025 09:49
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
@0xdevalias
0xdevalias / reverse-engineering-webpack-apps.md
Last active July 4, 2025 21:34
Some notes and techniques for reverse engineering Webpack (and a little bit about React/Vue/Angular) apps
@igorjs
igorjs / rest-api-response-format.md
Last active May 16, 2025 07:51
REST API response format based on some of the best practices
@tegansnyder
tegansnyder / Preventing-Puppeteer-Detection.md
Created February 23, 2018 02:41
Preventing Puppeteer Detection

I’m looking for any tips or tricks for making chrome headless mode less detectable. Here is what I’ve done so far:

Set my args as follows:

const run = (async () => {

    const args = [
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-infobars',
@seeebiii
seeebiii / LambdaConstants.java
Last active January 22, 2025 17:01
Available default environment variables in AWS Lambda. Just copy&paste into your Node or Java project.
public class Constants {
/**
* Contains the path to your Lambda function code.
*/
public static final String LAMBDA_TASK_ROOT = System.getenv("LAMBDA_TASK_ROOT");
/**
* The environment variable is set to one of the following options, depending on the runtime of the Lambda function:
* AWS_Lambda_nodejs, AWS_Lambda_nodejs4.3, AWS_Lambda_nodejs6.10