💭
Recruiters should mention the role and salary range if you spam me.

Richard Metzler rmetzler

@hackermondev
hackermondev / zendesk.md
Last active November 15, 2024 17:02
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@vfarcic
vfarcic / nix.sh
Last active September 1, 2024 05:40
# Source: https://gist.github.com/vfarcic/8ebbf4943c5c012c8c98e1967fa7f33b
#####################################################################
# Say Goodbye to Containers - Ephemeral Environments with Nix Shell #
#####################################################################
# Additional Info:
# - Nix: https://nixos.org
# - Dagger: The Missing Ingredient for Your Disastrous CI/CD Pipeline: https://youtu.be/oosQ3z_9UEM
@adtac
adtac / Dockerfile
Last active November 1, 2024 03:05
#!/usr/bin/env docker run
#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"
# syntax = docker/dockerfile:1.4.0
FROM node:20
WORKDIR /root
RUN npm install sqlite3
@mttaggart
mttaggart / electron-versions.csv
Last active August 27, 2024 23:34
CVE-2023-4863 Electron App Tracker | THIS LIST IS NOW DEPRECATED. PLEASE VISIT https://github.com/mttaggart/electron-app-tracker FOR THE LATEST DATA
app_name,repo,electron_version,vulnerable
1Clipboard,https://github.com/wiziple/1clipboard,,
1Password,None,25.8.1,FALSE
3CX Desktop App,,19.0.8,TRUE
5EClient,None,,
Abstract,None,,
Account Surfer,None,,
Advanced REST Client,https://github.com/advanced-rest-client/arc-electron,^17.0.0,TRUE
Aedron Shrine,None,,
Aeon,https://github.com/leinelissen/aeon,23.2.0,TRUE

How to install game-porting-toolkit (aka proton for macOS)

You also might wanna just use Whisky which does this automatically

This guide works on macOS 13.4+ using Command Line Tools for XCode 15 Beta!

What is this?

At the recent WWDC, Apple announced and released the "game porting toolkit", which, upon further inspection, is just a modified version of CrossOver's fork of Wine, a "compatibility layer" that allows you to run Windows applications on macOS and Linux.

@fsmv
fsmv / pass.go
Last active October 9, 2022 21:15
A runnable go script that creates an http basic auth password hash compatible with .htaccess (this is just the password part, you have to add username:<hash>)
/*usr/bin/env go run "$0" "$@"; exit $? #*/
// This is actually not a shebang, the first line is both valid shell script and valid go code
// Just run: chmod +x pass.go; ./pass.go
package main
import (
"bufio"
"crypto/sha256"
"encoding/base64"
"fmt"
# Source: https://gist.github.com/c7cdfef142bd65cc744789d3c1e90170
###########################################
# Talos Linux: OS Designed For Kubernetes #
# https://youtu.be/iEFb2Zg4xUg #
###########################################
# Additional Info:
# - Talos Linux: https://www.talos.dev/
# - How To Create, Provision, And Operate Kubernetes With Cluster API (CAPI): https://youtu.be/8yUDUhZ6ako
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active September 11, 2024 21:41
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
#!/bin/bash
export B2_ACCOUNT_ID=<your keyID here>
export B2_ACCOUNT_KEY=<your key here>
export RESTIC_PASSWORD=<your restic repository password here>
command1="restic -r b2:mybucket-desktop-backups:alfred/ backup /home/eric/Documents/ 2>&1"
output1=$(eval "${command1}")
result1=$?
@spinscale
spinscale / autobahn-api-to-es.cr
Last active November 26, 2023 15:14
Visualizing the unofficial autobahn API into the Elastic Stack
# autobahn-api-to-es
#
# Indexes autobahn API metadata into Elasticsearch to use it with Kibana Maps
#
# Original API description https://gist.github.com/LilithWittmann/06bd153317b635e7b622651f5cfd95ea
#
#
# MIT License
#
# Copyright (c) [2021]