@hackermondev
hackermondev / zendesk.md
Last active November 16, 2024 12:28
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

I was drawn to programming, science, technology and science fiction
ever since I was a little kid. I can't say it's because I wanted to
make the world a better place. Not really. I was simply drawn to it
because I was drawn to it. Writing programs was fun. Figuring out how
nature works was fascinating. Science fiction felt like a grand
adventure.
Then I started a software company and poured every ounce of energy
into it. It failed. That hurt, but that part is ok. I made a lot of
mistakes and learned from them. This experience made me much, much
@sarthology
sarthology / regexCheatsheet.js
Created January 10, 2019 07:54
A regex cheatsheet 👩🏻‍💻 (by Catherine)
let regex;
/* matching a specific string */
regex = /hello/; // looks for the string between the forward slashes (case-sensitive)... matches "hello", "hello123", "123hello123", "123hello"; doesn't match for "hell0", "Hello"
regex = /hello/i; // looks for the string between the forward slashes (case-insensitive)... matches "hello", "HelLo", "123HelLO"
regex = /hello/g; // looks for multiple occurrences of string between the forward slashes...
/* wildcards */
regex = /h.llo/; // the "." matches any one character other than a new line character... matches "hello", "hallo" but not "h\nllo"
regex = /h.*llo/; // the "*" matches any character(s) zero or more times... matches "hello", "heeeeeello", "hllo", "hwarwareallo"
@CodingDoug
CodingDoug / README.md
Last active May 6, 2021 14:35
Building an assistant (chatbot) that translates languages, integrated with Slack
@jpswade
jpswade / devops_best_practices.md
Last active October 30, 2024 15:05
Devops Best Practices Checklist

Find the original article here: Devops Best Practices

DevOps started out as "Agile Systems Administration". In 2008, at the Agile Conference in Toronto, Andrew Shafer posted an offer to moderate an ad hoc "Birds of a Feather" meeting to discuss the topic of "Agile Infrastructure". Only one person showed up to discuss the topic: Patrick Debois. Their discussions and sharing of ideas with others advanced the concept of "agile systems administration". Debois and Shafer formed an Agile Systems Administrator group on Google, with limited success. Patrick Debois did a presentation called "Infrastructure and Operations" addressing

@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@kristopolous
kristopolous / hn_seach.js
Last active July 24, 2023 04:12
hn job query search
// Usage:
// Copy and paste all of this into a debug console window of the "Who is Hiring?" comment thread
// then use as follows:
//
// query(term | [term, term, ...], term | [term, term, ...], ...)
//
// When arguments are in an array then that means an "or" and when they are separate that means "and"
//
// Term is of the format:
// ((-)text/RegExp) ( '-' means negation )
@radiosilence
radiosilence / gist:3946121
Created October 24, 2012 13:43
Outputs some files that WMs can import and colourify everything with.
import sys
import colorsys
from colorz import colorz
WALLPAPER = '/home/james/.wallpaper'
COLORS = '/home/james/.colors'
XRESOURCES = '/home/james/.Xresources'
cols = ''
xres = """
@bryanjswift
bryanjswift / .rtorrent.rc
Created December 28, 2011 02:42
rtorrent configuration file with description
# This is an example resource file for rTorrent. Copy to
# ~/.rtorrent.rc and enable/modify the options as needed. Remember to
# uncomment the options you wish to enable.
# Maximum and minimum number of peers to connect to per torrent.
min_peers = 1
max_peers = 100
# Same as above but for seeding completed torrents (-1 = same as downloading)