@hackermondev
hackermondev / research.md
Last active March 16, 2025 08:22
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@NeilMadden
NeilMadden / crypto.py
Last active February 4, 2025 14:06
A Lazy Developer’s Guide to Modern Cryptography
#!/usr/bin/env python3
# Copyright 2024 Neil Madden.
# License: https://creativecommons.org/licenses/by-sa/4.0/deed.en.
# Like this? I do training courses & consultancy:
# https://illuminated-security.com/
import hashlib
import math
import os
@timothyham
timothyham / ipv6guide.md
Last active March 15, 2025 01:41
A Short IPv6 Guide for Home IPv4 Admins

This guide is for homelab admins who understand IPv4 well but find setting up IPv6 hard or annoying because things work differently. In some ways, managing an IPv6 network can be simpler than IPv4; one just needs to learn some new concepts and discard some old ones.

Let’s begin.

First of all, there are some concepts that one must unlearn from IPv4:

Concept 1

@guest271314
guest271314 / compiling_standalone.md
Last active January 12, 2025 02:16
Compiling a standalone executable using modern JavaScript/TypeScript runtimes

We have the same code working using node, deno, and bun.

E.g.,

bun run index.js
@GageSorrell
GageSorrell / Win32MessageLoopNodeAddonApi.cpp
Last active January 24, 2024 10:27
Create a Windows API (Win32) message loop with the node-addon-api.
/* Gist: Win32 Message Loop with `node-addon-api`
* Author: Gage Sorrell <[email protected]>
* Copyright: (c) 2023 Gage Sorrell
* License: MIT
*/
/* This file demonstrates how to get access to the Windows API (Win32)
* message loop in your NodeJS application via node-addon-api.
* This code goes into your node-addon-api package, with no additional
* build tools necessary.
@kj800x
kj800x / Hacking the LG Monitor's EDID.md
Last active February 23, 2025 17:57
Hacking the LG Monitor's EDID

preface: Posting these online since it sounds like these notes are somewhat interesting based on a few folks I've shared with. These are semi-rough notes that I basically wrote for myself in case I ever needed to revisit this fix, so keep that in mind.

I recently bought an LG ULTRAGEAR monitor secondhand off of a coworker. I really love it and it's been great so far, but I ran into some minor issues with it in Linux. It works great on both Mac and Windows, but on Linux it displays just a black panel until I use the second monitor to go in and reduce the refresh rate down to 60 Hz.

This has worked decently so far but there are some issues:

  • It doesn't work while Linux is booting up. The motherboard's boot sequence is visible just fine, but as soon as control is handed over to Linux and I'd normally see a splash screen while I'm waiting for my login window, I see nothing.
  • It doesn't work on the login screen. This would be fine if login consistently worked on my second screen, but I need to manually switch
@TheBrokenRail
TheBrokenRail / README.md
Last active March 9, 2025 02:40
Jailbreak Firefox!

Jailbreak-Firefox

This script allows you to install unsigned extensions (ones that aren't approved by Mozilla) on normal Firefox builds and the official Snap! That's right, no "Firefox Developer Edition" nonsense required!

⚠️ Disclaimer ⚠️

This script is not well tested, like at all. This script might break things, possibly important things. You should probably take a backup of your Firefox profile before using it. You have been warned.

Dependencies

sudo apt install -y curl unzip zip
# Only needed when jailbreaking the Snap
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
@Sc00bz
Sc00bz / double-bs-speke.txt
Last active May 6, 2023 10:32
Double BS-SPEKE is a doubly augmented PAKE
Double BS-SPEKE
Double BS-SPEKE is BS-SPEKE but with 3DH vs Noise-KN to make it a doubly
augmented PAKE. Double BS-SPEKE is the best doubly augmented PAKE that I know
of. Only problem is there are no proofs, but it's not hard to take the SPEKE
proof, add the OPAQUE proof for OPRF, and it's obvious that the doubly augmented
change makes it doubly augmented. So if anyone knows how to formally state that
in a proof, that would be awesome to have. BS-SPEKE defined on multiplicative
groups can be found here:
https://gist.github.com/Sc00bz/ec1f5fcfd18533bf0d6bf31d1211d4b4