Skip to content

Instantly share code, notes, and snippets.

View youngchief-btw's full-sized avatar
👋
chat with me!

YoungChief youngchief-btw

👋
chat with me!
242 followers · 731 following
View GitHub Profile
@kylefmohr
kylefmohr / prox-certs.sh
Last active September 12, 2025 18:38
Auto-renew Proxmox's Web UI HTTPS certificate using Tailscale and Tailnets
#!/bin/bash
set -e # Exit immediately if a command exits with a non-zero status.
##
# This script automates renewing the Proxmox web UI TLS certificate
# using Tailscale's built-in HTTPS certificate feature.
# It is recommended to run this script using a cronjob, I'm using
# `0 2 1 */3 * /path/to/my/prox-certs.sh`
# in my crontab to run this every three months (the length of the certificate validity)
# v4: Checks for and installs jq if missing.
@hackermondev
hackermondev / research.md
Last active October 13, 2025 19:04
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@SixBeeps
SixBeeps / mixxx_scrobbler.py
Last active September 27, 2025 10:13
Mixxx Scrobbler
# Mixxx Scrobbler - SixBeeps 2024
# I can't be bothered to write a proper license, so do whatever you want with this code.
# Steps:
#
# 1. Grab an API key and secret, for Last.fm go to https://www.last.fm/api/account/create
# 2. Install the pylast library with `pip install pylast`
# 3. Create a .env file in the same directory as this script with the following contents
# API_KEY=your_api_key
# API_SECRET=your_api_secret
# NETWORK=lastfm OR librefm
@hackermondev
hackermondev / zendesk.md
Last active October 10, 2025 03:00
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@nicolas17
nicolas17 / gist:559bec0d8e636f93f62cca844ee94ada
Last active June 8, 2024 17:36
Apple IDS payload keys
c: command
cc: commandContext
v: version
P: payload
N: bulkedPayload
fP: fanoutPayload
aP: additionalPayload
Pm: payloadMetadata
i: messageId
U: messageUUID
@Firepup6500
Firepup6500 / mf-adblock.js
Last active September 11, 2025 15:57
mf-adblock 0.7: A Tamper Monkey Adblocker
// ==UserScript==
// @name mf-adblock
// @namespace none
// @version 0.7
// @description A basic anti-adblock workaround that can remove or click elements on a website
// @author DerFichtl, with major improvements by Firepup650
// @match https://*/*
// @icon https://getadblock.com/favicon.ico
// @grant none
// @noframes
@mitchellh
mitchellh / overlay.nix
Last active November 2, 2024 22:01
Playdate SDK on Nix on aarch64
let
# Playdate distributes their SDK as precompiled x86_64 binaries
# currently so we have to import cross-compiled packages for it
# if we're not on an x86_64 system.
pkgsIntel = import <nixpkgs> {
crossSystem = {
config = "x86_64-unknown-linux-gnu";
};
};
in
@hackermondev
hackermondev / api endpoints.md
Last active October 4, 2025 08:41
discord api endpoints

List of every single Discord API endpoint used on the client

Last updated: July 22, 2025

https://discord.com/api/v9

Endpoint Name path
@makamys
makamys / 1.7.10-essentials.md
Last active October 14, 2025 05:49
List of "Essential" 1.7.10 Mods

List of "Essential" 1.7.10 Mods

This is a list of Minecraft 1.7.10 mods that are not focused on adding new original content. Instead, they make the base game run better, or port over features from other versions of vanilla.

These lists try to comprehensively list all the available options. You will not want to use all of the listed mods at once.

Some of the listed mods require a Mixin bootstrap mod in order to work. See the Mixin mods section near the end of the document for information about that.

Table of Contents

@hackermondev
hackermondev / replit subdomains.txt
Last active January 21, 2025 17:08
List of all public Replit subdomains
List of all Replit subdomains
Someone wanted me to post this so I did
Most of them are used for internal stuff and you can't access them
------------------------------------------------------------------------------------------------
replit.com|104.18.12.38,104.18.13.38
art.replit.com|34.120.57.62
ask.replit.com|64.62.250.111
blog.replit.com|104.18.12.38,104.18.13.38
boops.magic.teams.replit.com|34.120.57.62