Skip to content

Instantly share code, notes, and snippets.

Discover gists

@hackermondev
hackermondev / research.md
Last active January 24, 2025 13:42
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@bpsib
bpsib / BBC-Radio-HLS.m3u
Last active January 24, 2025 13:41 — forked from stengland/BBC-Radio.m3u
BBC Radio Streams
#EXTM3U
#EXTINF:-1,BBC - Radio 1
http://as-hls-ww-live.akamaized.net/pool_01505109/live/ww/bbc_radio_one/bbc_radio_one.isml/bbc_radio_one-audio%3d96000.norewind.m3u8
#EXTINF:-1,BBC - Radio 1Xtra
http://as-hls-ww-live.akamaized.net/pool_904/live/ww/bbc_1xtra/bbc_1xtra.isml/bbc_1xtra-audio%3d96000.norewind.m3u8
#EXTINF:-1,BBC - Radio 1Dance
http://as-hls-ww-live.akamaized.net/pool_62063831/live/ww/bbc_radio_one_dance/bbc_radio_one_dance.isml/bbc_radio_one_dance-audio%3d96000.norewind.m3u8
#EXTINF:-1,BBC - Radio 1 Anthems (UK Only)
http://as-hls-uk-live.akamaized.net/pool_904/live/uk/bbc_radio_one_anthems/bbc_radio_one_anthems.isml/bbc_radio_one_anthems-audio%3d96000.norewind.m3u8
#EXTINF:-1,BBC - Radio 2
@hasokeric
hasokeric / AnotherEmailBPM.cs
Last active January 24, 2025 13:41
Email Template Again - Pulling the Company Settings
// Email Notification
//
// 08/01/17 HK: Initial Implementation, since this is considered a temporary, lets keep it simple
//
// Initialize Actions
Func<string, string> GetCompanyAddressAction = (CompanyID) => {
var Company_Row =
(from sc in Db.SysCompany.With(LockHint.NoLock)
@DzeryCZ
DzeryCZ / ReadingHelmResources.md
Last active January 24, 2025 13:40
Decoding Helm3 resources in secrets

Helm 3 is storing description of it's releases in secrets. You can simply find them via

$ kubectl get secrets
NAME                                                TYPE                                  DATA   AGE
sh.helm.release.v1.wordpress.v1                     helm.sh/release.v1                    1      1h

If you want to get more info about the secret, you can try to describe the secret

$ kubectl describe secret sh.helm.release.v1.wordpress.v1
@mansueli
mansueli / testing_rls_supabase.mdx
Last active January 24, 2025 13:35
Testing Row Level Security (RLS) policies @supabase

Testing RLS policies

To test policies on the database itself (i.e., from the SQL Editor or from psql) without switching to your frontend and logging in as different users, you can utilize the following helper SQL procedures (credits):

grant anon, authenticated to postgres;

create or replace procedure auth.login_as_user (user_email text)
    language plpgsql
    as $$
@Manouchehri
Manouchehri / acceptgzipped.py
Last active January 24, 2025 13:35
Allowing gzip encoding with urllib
__author__ = 'David Manouchehri'
from bs4 import BeautifulSoup
import urllib.request
import gzip
import io
url = 'http://yoururlgoesherehopefullythisisntavalidurl.com/pages.html'
headers = {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
@hmm01i
hmm01i / urllib2basicauth.py
Created May 16, 2017 19:48
Example of urllib with basic auth
# just an example for me to remember
import urllib2, base64
username = "testuser"
password = "changeme"
url = "https://example.com/"
request = urllib2.Request(url)
b64auth = base64.standard_b64encode("%s:%s" % (username,password))
request.add_header("Authorization", "Basic %s" % b64auth)
@ka2kama
ka2kama / install_cursor_to_ubuntu2404.sh
Last active January 24, 2025 13:32
Install the latest Cursor to Ubuntu 24.04
#!/bin/bash
set -euo pipefail
# Step 1: Declare installation paths and variables
CURSOR_DIR="$HOME/Applications/cursor"
APPIMAGE_DIR="$CURSOR_DIR/images"
EXTRACTED_DIR="$CURSOR_DIR/squashfs-root"
BIN_PATH="$EXTRACTED_DIR/cursor"
DESKTOP_DIR="$HOME/.local/share/applications"
@romkatv
romkatv / instant-zsh.zsh
Last active January 24, 2025 13:30
Make zsh start INSTANTLY with this one weird trick
# Make zsh start INSTANTLY with this one weird trick.
#
# https://asciinema.org/a/274255
#
# HOW TO USE
#
# 1. Download this script.
#
# curl -fsSL -o ~/instant-zsh.zsh https://gist.github.com/romkatv/8b318a610dc302bdbe1487bb1847ad99/raw
#
@Clemv95
Clemv95 / ygg-api.yml
Last active January 24, 2025 13:30 — forked from LimeDrive/ygg-api.yml
Indexeur ygg-api pour jackett / prowlarr
---
id: ygg-api
name: Ygg API
description: Indexeur non officiel pour ygg.re MOVIES / TV
language: fr-FR
type: private
encoding: UTF-8
testlinktorrent: false
links:
- https://yggapi.eu/