yuna0x0 yuna0x0
@mattppal
mattppal / security-checklist.md
Last active May 21, 2025 21:22
A simple security checklist for your vibe coded apps

Frontend Security

| Security Measure | Description |
|---|---|
| Use HTTPS everywhere | Prevents basic eavesdropping and man-in-the-middle attacks |
| Input validation and sanitization | Prevents XSS attacks by validating all user inputs |
| Don't store sensitive data in the browser | No secrets in localStorage or client-side code |
| CSRF protection | Implement anti-CSRF tokens for forms and state-changing requests |
| Never expose API keys in frontend | API credentials should always remain server-side |
@yuna0x0
yuna0x0 / harden-ssh.sh
Last active April 9, 2025 14:29
Harden SSH (Force public key auth and deny root login)
#!/bin/bash
# Force public key authentication
cat > /etc/ssh/sshd_config.d/20-force_publickey_auth.conf <<EOF
PasswordAuthentication no
AuthenticationMethods publickey
EOF
# Deny root login
echo "PermitRootLogin no" > /etc/ssh/sshd_config.d/20-deny_root.conf
@hackermondev
hackermondev / research.md
Last active May 20, 2025 21:09
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@ngocdangrby
ngocdangrby / AuthyIntegrity.md
Created August 30, 2024 12:40
Bypass Authy integrity with Rooted Android phone

It took me 3 days to pass the error The device does not meet the minimum integrity requirements.

Finally, I exported my Authy from my Android 14 phone on custom ROM.

  • Phone: Realme GT2
  • ROM: custom ROM PixelOS
  • State: Root already
  • Android: 14
  • Integrity: MEETS_DEVICE_INTEGRITY
@OrionReed
OrionReed / dom3d.js
Last active May 20, 2025 11:54
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@bazhenovc
bazhenovc / the_sane_rendering_manifesto.md
Last active March 15, 2025 08:44
The Sane Rendering Manifesto

The goal of this manifesto is to provide easy-to-follow and reasonable rules that realtime and video game renderers can follow.

These rules highly prioritize image clarity/stability and pleasant gameplay experience over photorealism and excess graphics fidelity.

Keep in mind that shipping a game has priority over everything else and it is allowed to break the rules of the manifesto when there are no other good options in order to ship the game.

Do not use dynamic resolution.

@Artefact2
Artefact2 / README.md
Last active May 11, 2025 00:58
GGUF quantizations overview
@SUPERCHIEFYT
SUPERCHIEFYT / loggingbots.md
Last active April 18, 2025 01:43
Breakdown of all of the known logging bots. (If I missed any let me know and I'll add it)
  • You can still selfhost the bot (view selfhosting-guide in the support server)

Selfhosted Loggers:

WARNING: It's unlikely any public instances of Logger will be added here; Discord failed to verify and grant the intents needed to another public selfhosted instance and the user had to shut down their instance.

INFO The only selfhosted Loggers listed here will be from trusted members of the Logger support server. If you're selfhosting, are a trusted member, and want your selfhosted Logger to be listed, we'll reach out to you directly; don't ask to be listed here.
@Bluefissure
Bluefissure / fix.py
Last active March 1, 2025 18:28
Fix broken palworld save caused by existing guild & too many capture logs
# author: Bluefissure
# License: MIT License
# Description: Fixes Palworld broken save files corrupted by someone exiting the guild
# Based on the work of https://github.com/cheahjs/palworld-save-tools/releases/tag/v0.13.0
import argparse
import codecs
import os
import json
from lib.gvas import GvasFile

Caution

This guide is out of date, follow the new guide here: https://flipper.wiki/mifareclassic/

MIFARE Classic

Here are the steps to follow in order to read your cards. Your goal is to find as many keys as possible. The keys unlock sections of your card for the Flipper to read them - you must have a card. Once you read enough sections, you can use an emulated or cloned card at the original card reader to unlock it (sometimes even without finding all of the keys!).

Important

Major update coming in first update following OFW 1.0.0 (ETA: mid to late September) which overhauls and simplifies this process: Status