Skip to content

Instantly share code, notes, and snippets.

View mmoya's full-sized avatar

Maykel Moya mmoya

65 followers · 14 following
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active March 9, 2025 22:45
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@smx-smx
smx-smx / XZ Backdoor Analysis
Last active February 26, 2025 01:17
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@redhat421
redhat421 / mpv-freedesktop-screensaver-plugin.c
Last active January 30, 2024 08:23 — forked from fernandoherreradelasheras/mpv-freedesktop-screensaver-plugin.c
mpv pluging to inhibit screensaver while playing a video using freedesktop dbus api
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <gio/gio.h>
#include <mpv/client.h>
/**
* mpv pluging to inhibit screensaver while playing a video on GNOME Desktop
@gmurdocca
gmurdocca / socat_caesar_dpi.md
Last active June 28, 2024 15:53
Circumventing Deep Packet Inspection with Socat and rot13

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

@dallaslu
dallaslu / sort_by_time.py
Created October 20, 2021 04:07
Sort Beancount Entries by meta['time']
"""Sort Beancount Entries by meta['time']
Although beancount says that time is meaningless, there are situations
where an account that should not be negative may have a negative balance
at some point because transfers that occurred on the same day are
scheduled later and spending records are scheduled earlier.
This is not a big deal, but it is a bit odd.
2021-10-01 balance Assets:Cash 500 USD
@XSystem252
XSystem252 / RaspberryPi4Archlinux64EncryptionUSBBootBtrfsGuide.md
Last active September 14, 2024 19:37
How To Set Up a Raspberry Pi 4 with Archlinux 64-bit (AArch64) and Full Disk Encryption (+SSH unlock), USB Boot (No SD-Card) and btrfs

How To Set Up a Raspberry Pi 4 with Archlinux 64-bit (AArch64) and Full Disk Encryption (+SSH unlock), USB Boot (No SD-Card) and btrfs

Written by: XSystem
First published on: 20 Dec 2020
Last updated on: 20 Dec 2020

[0] Introduction

Overview

@tinywrkb
tinywrkb / btswitch
Last active February 6, 2024 10:09
NOT NEEDED WITH 0.3.21 OR GIT VERSION | PipeWire Pulse Server Bluetooth Auto-Switch
#!/bin/bash
#
# ~/.local/bin/btswitch
#
# wait a second this is too fast for udev
sleep 1
btdev="$(pactl list sinks|grep Name|grep 'bluez.*.a2dp.sink'|sed 's/Name: //'|sed 's/\s//')"
if [ -n "$btdev" ]; then
@gyrusdentatus
gyrusdentatus / nym_mixnode_setup_help.md
Last active March 26, 2023 21:33
A full guide on how to set up a Nym mixnode on a fresh server

How to set up a server running NYM for dummies

Introduction

This guide is written for people that have absolutely no or little experience with terminal and remote server configuration. Should work on all Debian based distros although this has been tested only with fresh Debian 10 Buster. It does not yet cover the actual node configuration yet. For that see the official Nym docs here https://nymtech.net/docs/run-nym-nodes/mixnodes/

If you are complete beginner and just installed Debian on your VPS then I suggest going through the bash crash course in the introduction section

If you are at least little experienced, then skip to section Nym installation.

@bjeanes
bjeanes / AAA_uuid_generate_v6mc.sql
Last active June 20, 2024 17:24
Postgres UUIDv6 (non-standard)
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-- My port of https://github.com/kurttheviking/uuid-with-v6-js
-- A hacky translation of:
-- - http://gh.peabody.io/uuidv6/
-- - https://tools.ietf.org/html/draft-peabody-dispatch-new-uuid-format
CREATE OR REPLACE FUNCTION uuid_v1_to_v6(v1 uuid)
RETURNS uuid AS $$
DECLARE
v6 text;
@bartv2
bartv2 / git-crypt-rekey.sh
Created March 11, 2020 10:38
#!/bin/bash
# Unlock the directory, we need the unencrypted versions of the files
git crypt unlock
# Re-initialize git crypt, generating a new key
rm .git/git-crypt/keys/default
git crypt init
# Make the key available to the current users