hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

r2dev2

/**
 * WaifuProgrammingBooks
 * 
 * This uses github's api to get images of anime girls holding programming books.
 * 
 * Usage:
 * 
 * Add <script src="https://gist.githubusercontent.com/r2dev2bb8/2e655ef24a6af288d01a8d6d823d5617/raw/1bb4db5484247c3d19ae5432168ca31f0e241c78/waifubook.js" /> to your document head
 *
 * waifuProgrammingBooks.getLanguages() returns a language object with key: language url

Beneboe

How to Setup Verified Commits

Quick guide on how to setup git signing. Information is aggregated from following sources:

• https://help.github.com/articles/signing-commits/
• https://help.github.com/articles/telling-git-about-your-signing-key/
• https://help.github.com/articles/generating-a-new-gpg-key/