Philippe Delteil pdelteil

🌴
On vacation
@hackermondev
hackermondev / research.md
Last active April 1, 2025 12:54
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@thesamesam
thesamesam / xz-backdoor.md
Last active March 19, 2025 15:17
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@picar0jsu
picar0jsu / CVE-2022-21371
Last active April 26, 2023 06:59
Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22
# CVE : CVE-2022-21371
# Description
@Intyre
Intyre / Wahoo_Elemnt.md
Last active March 15, 2025 23:04
Wahoo Elemnt - Tips, tricks and custom images
@gpilleux
gpilleux / crackWep.sh
Created February 21, 2019 18:21
Script to crack WEP encryption.
# Check for arguments
if [ $# -lt 3 ]
then
    echo "Not enough arguments supplied"
    echo "Usage: ./deauth.sh <bssid> <channel> <interface>"
else
    BSSID=$1
    CHAN=$2
    INTERF=$3
    TIMEOUT=20

import urllib.request, json, sys, textwrap
# Run like
# python3 pubsploit.py CVE-2017-0143
def cveSearch(cve):
    with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url:
        data = json.loads(url.read().decode())
        try:
            if data['cvss']:
                print("{} | CVSS {}".format(cve,data['cvss']))
@tiffany352
tiffany352 / index.html
Last active May 1, 2024 11:36
Twitter archive browser
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>Twitter Archive Browser</title>
<script src="https://unpkg.com/react@16/umd/react.development.js"></script>
<script src="https://unpkg.com/react-dom@16/umd/react-dom.development.js"></script>
<script src="https://unpkg.com/[email protected]/babel.min.js"></script>
<style>