Skip to content

Instantly share code, notes, and snippets.

View lenisko's full-sized avatar
🏠
Working from home

Jakub lenisko

🏠
Working from home
15 followers · 12 following
  • Freeman™
  • Poland
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active May 5, 2025 03:30
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@thinhbuzz
thinhbuzz / bactch-remove-pokemon-go-friend.js
Last active March 2, 2024 01:52
Eliminate a series of pokemon go friends by keyword. Please read the first comment for the running steps.
(async () => {
function deleteFriend(friendId) {
return fetch("https://niantic-social-api.nianticlabs.com/niantic/graphql", {
headers: {
authorization: "Bearer " + localStorage.getItem("sessionToken"),
"content-type": "application/json",
},
body:
'{"query":"mutation RemoveFriendMutation(\\n $input: UnfriendNianticUserRequest!\\n) {\\n unfriendNianticUser(input: $input) {\\n friends {\\n userId\\n nianticId\\n displayName\\n gameProfiles {\\n game\\n codename\\n }\\n avatarUrl\\n }\\n success\\n }\\n}\\n","variables":{"input":{"userId":"' +
friendId +
@qdm12
qdm12 / README.md
Last active May 2, 2025 20:36
Wireguard and iptables restrictions for multiple users

Wireguard and iptables restrictions for multiple users

If you don't know what Wireguard is, well, you should. It's fast, easy to setup and highly configurable. We will configure Wireguard for multiple users with various restrictions using iptables.

Assumptions

This should fit most setups (not mine though 😉)

@binzume
binzume / idb.sh
Created December 10, 2019 10:30
Command line tool to communicate with iOS device as like ADB
#!/bin/bash
#
# Command line tool to communicate with iOS device as like ADB
# This is wrapper script for libimobiledevice and ios-deploy.
#
## Usage:
## idb [-s DEVID] [-b BUNDLE_ID] COMMAND [PARAMS...]
## idb devices
## idb logcat
## idb reboot
@Paturages
Paturages / conf.d~auth.conf
Created October 12, 2019 09:15
Discord OAuth protected endpoints with only nginx
js_include conf.d/oauth2.js;
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
location / {
auth_request /_auth_init;
}
@estorgio
estorgio / Mounting VirtualBox shared folders on Ubuntu Server 18.04 LTS (Bionic Beaver).md
Last active March 10, 2025 19:33
Mounting VirtualBox shared folders on Ubuntu Server 18.04 LTS (Bionic Beaver)

Mounting VirtualBox shared folders on Ubuntu Server 18.04 LTS (Bionic Beaver)

This guide will walk you through the steps on how to setup a VirtualBox shared folder inside your Ubuntu Server guest.

Prerequisites

This guide assumes that you are using the following setup:

You could still make this guide work with other setups (possibly with some modifications to the commands and whatnot).

@roblabla
roblabla / HABILITIES.md
Last active November 23, 2024 01:39
We believe in your habilities.

Muh Switch Keys

So you want to decrypt switch content ? Well, the good news is that all the tools required to do that are written up! The great news is, since this is crypto we're talking about, you'll have to find the keys. Yourself. Like it's easter.

So here you can find a template of the $HOME/.switch/prod.keys file that hactool uses to decrypt content. It contains all the SHA256 and location of the keys and seeds, so you can find them yourselves.

Note that all the seeds (the keys that end with _source) are used along with the master_key_## to derive an actual key. If you have somehow obtained the key without the seed, you can rename xxx_source to xxx_## (where ## is the master key number) and put your key there.

How the heck do I obtain dem keys ?

@soulmachine
soulmachine / jwt-expiration.md
Last active April 10, 2025 12:28
How to deal with JWT expiration?

First of all, please note that token expiration and revoking are two different things.

  1. Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
  2. Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to hadle JWT expiration

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.

Quoted from JWT RFC:

@irisfofs
irisfofs / pisg_smileys.patch
Created March 10, 2015 01:01
A patch for pisg to improve its smiley parsing with a lot more smileys.
From aa0d9705564580ad6059e9e9e793a25764dd3a9f Mon Sep 17 00:00:00 2001
From: Andrew <[email protected]>
Date: Mon, 9 Mar 2015 20:53:59 -0400
Subject: [PATCH] Updated smiley parsing code
---
pisg/modules/Pisg/Parser/Logfile.pm | 51 ++++++++++++++++++++++++++++++-----
1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/pisg/modules/Pisg/Parser/Logfile.pm b/pisg/modules/Pisg/Parser/Logfile.pm
@uson1x
uson1x / hack.sh
Last active April 25, 2025 02:09 — forked from erikh/hack.sh
OSX For Hackers
#!/usr/bin/env sh
##
# This is script with usefull tips taken from:
# https://github.com/mathiasbynens/dotfiles/blob/master/.osx
#
# install it:
# curl -sL https://raw.github.com/gist/2275613/hack.sh | sh
#