Discover gists
| ### | |
| # Toggle an external light from the X1C screen | |
| ### | |
| alias: Bambu Lab - Auto External Light | |
| description: "" | |
| trigger: | |
| - platform: state | |
| entity_id: | |
| - light.x1c_chamber_light | |
| from: null |
This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
List:
- Page substiution macro for luring user to click Enable Content
- The Unicorn Powershell based payload
| "use client"; | |
| /* eslint-disable @next/next/no-img-element */ | |
| import Link from "next/link"; | |
| import { useState, useEffect } from 'react'; | |
| import { | |
| AppBskyFeedDefs, | |
| AppBskyFeedPost, | |
| type AppBskyFeedGetPostThread, | |
| } from "@atproto/api"; |
Use this skill to fetch the transcript of a YouTube video, with or without timestamps.
Use this skill with Claude (by extracting it to .claude/skills/) or with any other agent using Skillz.
Note: This skill is unlikely to run successfully on the Claude web app, since access to YouTube is blocked. Use it with Claude Code or other local agents.
| # Unity text-based assets that are safe for Smart Merge / YAMLMerge | |
| *.unity merge=unityyamlmerge | |
| *.prefab merge=unityyamlmerge | |
| *.mat merge=unityyamlmerge | |
| *.physicMaterial merge=unityyamlmerge | |
| *.physicsMaterial2D merge=unityyamlmerge | |
| *.controller merge=unityyamlmerge | |
| *.anim merge=unityyamlmerge | |
| *.overrideController merge=unityyamlmerge | |
| *.mask merge=unityyamlmerge |
hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.
about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.
i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.
(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)
| https://thedefiant.io/feed/ | |
| https://www.coindesk.com/arc/outboundfeeds/rss/?outputType=xml | |
| https://cointelegraph.com/rss | |
| https://cryptopotato.com/feed/ | |
| https://cryptoslate.com/feed/ | |
| https://cryptonews.com/news/feed/ | |
| https://smartliquidity.info/feed/ | |
| https://finance.yahoo.com/news/rssindex | |
| https://www.cnbc.com/id/10000664/device/rss/rss.html | |
| https://time.com/nextadvisor/feed/ |
