Skip to content

Instantly share code, notes, and snippets.

View michaelhood's full-sized avatar

Michael Hood michaelhood

219 followers · 2k following
View GitHub Profile
@zachlatta
zachlatta / almost_pwned.md
Last active February 26, 2025 07:11

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / zendesk.md
Last active February 20, 2025 07:58
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@kconner
kconner / macOS Internals.md
Last active March 3, 2025 15:50
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@smitelli
smitelli / ti250tool.py
Created May 31, 2022 19:51
Klein Tools TI250 image tool
# Klein Tools TI250 image tool by Scott Smitelli. Public domain.
# Requires at least Python 3.6 (developed and tested on 3.9)
# See https://www.scottsmitelli.com/articles/klein-tools-ti250-hidden-worlds
import argparse
import numpy as np
import re
import struct
from PIL import Image, ImageDraw
@darconeous
darconeous / rect-starlink-cable-hack.md
Last active December 7, 2024 17:45
Hacking the Rectangular Starlink Dishy Cable
@veggiedefender
veggiedefender / CANCEL_THE_ICE_CONTRACT.jpg
Last active April 21, 2023 17:13
CANCEL_THE_ICE_CONTRACT.jpg
@darwin
darwin / readme.md
Last active April 9, 2024 22:30
APFS Container cloning/replicating under Catalina (with a bootable system)

Today I wanted to move existing APFS-resident macOS Catalina installation to a new disk. I upgraded my late 2014 Mac Mini with a shiny new 1TB SSD. This took way too many hours of my life I will never get back. Hope this saves some time to you.

Good news:

  1. it is possible to create a DMG image from existing APFS container with macOS Catalina installation including metadata needed for complete restore (the DMG contains OS, OS Data, Preboot, Recovery and VM volumes)
  2. it is possible to restore this DMG image into empty APFS container and get a bootable copy of the original system

This information is relevant for Catalina (I'm currently running macOS 10.15.1).

@olilarkin
olilarkin / notes.md
Last active November 14, 2024 06:28
Plugin Dev Notes
@natew
natew / debug-puppeteer.js
Created July 21, 2018 16:32
import r2 from '@mcro/r2'
import puppeteer from 'puppeteer'
import * as _ from 'lodash'
const sleep = ms => new Promise(res => setTimeout(res, ms))
const onFocus = page => {
return page.evaluate(() => {
return new Promise(res => {
if (document.hasFocus()) {
res()
@neta540
neta540 / surfingkeys.js
Last active March 17, 2022 00:32
// ------------
// ♥ settings ♥
// ------------
settings.tabsThreshold = 0;
settings.smoothScroll = true;
settings.scrollStepSize = 200;
settings.scrollFriction = 0;
settings.startToShowEmoji = 0;
settings.defaultSearchEngine = 'd';