hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

coolaj86

Chat GPT "DAN" (and other "Jailbreaks")

• https://chat.openai.com/
• Is ChatGPT "DAN" Real? Gonna find out [Part 1]
  (https://www.youtube.com/watch?v=-q8woRG9FrI)
• Part 2: I thought ChatGPT DAN was a hoax, but...
  (https://www.youtube.com/watch?v=rHZRrDu3A2U&lc=UgxfrxX8aK7gnCzkend4AaABAg)

matiaslopezd

/**
* Get FQDN from a string
* @name FQDN
* @param URL {String} - String you want get FQDN
* @return {String}
**/
function FQDN(URL = '') {
    URL = URL.subtring(0, 50); // This will avoid evaluate long malicious fqdn
    const regex = /[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+/i;
    const filtered = regex.exec(URL);

voluntas

// Chrome Canary M74
// chrome://flags で Experimental Web Platform features を有効にすれば使えるようになる
// mDNS を有効にしていると上手く動かないかもしれないので要注意

// https://developers.google.com/web/updates/2019/01/rtcquictransport-api
// https://github.com/shampson/RTCQuicTransport-Origin-Trial-Documentation

const iceTransport1 = new RTCIceTransport;
const iceTransport2 = new RTCIceTransport;

chris-garrett

upstream app_server {
  ip_hash;
  server app_react:3000 max_fails=3 fail_timeout=30s;
}

upstream api_server {
  ip_hash;
  server api_feathers:3040 max_fails=3 fail_timeout=30s;
}

kkkrist

'use strict'

const bodyParser = require('body-parser')
const compress = require('compression')
const configuration = require('feathers-configuration')
const cors = require('cors')
const favicon = require('serve-favicon')
const feathers = require('feathers')
const hooks = require('feathers-hooks')
const limiter = require('limiter').RateLimiter // Generic limiter used for authentication attempts inside web socket connection

benediktkr

function mae(a, b) {
	return a["charAt"](b);
}
function bfQh(a, b) {
	return a["charCodeAt"](b);
}

sstur

function toJSON(node) {
  let propFix = { for: 'htmlFor', class: 'className' };
  let specialGetters = {
    style: (node) => node.style.cssText,
  };
  let attrDefaultValues = { style: '' };
  let obj = {
    nodeType: node.nodeType,
  };
  if (node.tagName) {

jedi4ever

Clustering: The basics

The trick? pass the file descriptor from a parent process and have the server.listen reuse that descriptor. So multiprocess in their own memory space (but with ENV shared usually)

It does not balance, it leaves it to the kernel.

In the last nodejs > 0.8 there is a cluster module (functional although marked experimental)

• http://nodejs.org/api/cluster.html
• Simple cluster example:

isaacs

var cluster = require('cluster');
var PORT = +process.env.PORT || 1337;

if (cluster.isMaster) {
  // In real life, you'd probably use more than just 2 workers,
  // and perhaps not put the master and worker in the same file.
  cluster.fork();
  cluster.fork();

  cluster.on('disconnect', function(worker) {