Skip to content

Instantly share code, notes, and snippets.

View kuntoaji's full-sized avatar
🎯
Focusing

KAK kuntoaji

🎯
Focusing
97 followers · 89 following
View GitHub Profile
@zachlatta
zachlatta / almost_pwned.md
Last active April 16, 2025 11:30

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / research.md
Last active April 27, 2025 19:28
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@wlib
wlib / LICENSE
Last active April 30, 2024 17:07
Run a shell script with bash, line-by-line, prompted on each command. Useful for running unknown scripts or debugging. Not a secure substitute for understanding a script beforehand.
MIT License
Copyright (c) 2021 Daniel Ethridge
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
@premek
premek / mv.sh
Last active March 5, 2024 17:43
Rename files in linux / bash using mv command without typing the full name two times
# Put this function to your .bashrc file.
# Usage: mv oldfilename
# If you call mv without the second parameter it will prompt you to edit the filename on command line.
# Original mv is called when it's called with more than one argument.
# It's useful when you want to change just a few letters in a long name.
#
# Also see:
# - imv from renameutils
# - Ctrl-W Ctrl-Y Ctrl-Y (cut last word, paste, paste)
@wybiral
wybiral / noscript-tracking.go
Last active October 28, 2024 23:01
Tracking cursor position in real-time with remote monitoring (without JavaScript)
// Tracking cursor position in real-time without JavaScript
// Demo: https://twitter.com/davywtf/status/1124146339259002881
package main
import (
"fmt"
"net/http"
"strings"
)
@JoeyBurzynski
JoeyBurzynski / 55-bytes-of-css.md
Last active April 8, 2025 14:18
58 bytes of css to look great nearly everywhere

58 bytes of CSS to look great nearly everywhere

When making this website, i wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}
@FachrulCH
FachrulCH / work_with_me_manual.md
Last active October 29, 2018 23:28
How to work with Fachrul CH 
- Last update: 27-Okt-2018
- Name: Fachrul Choliluddin
- Nickname: Alul

My Style

  • I loved to work in public area, where I can enjoy the ambiance as white noise, often I put headset on to listen nature white noise
  • My mind like rabbit, I think in not linear line; I'll jump very rapidly from limited evidence to an explanation.
  • I like to share knowledge with other, sometime I learn a lot from pairing with other
  • I am comfortable changing direction, shifting and adapting. I also love new ideas but this can be challenging for people
@aloucas
aloucas / encryptor.rb
Last active October 31, 2021 15:16
How to create dynamic attr_accessors (getters/setters) for encrypted attributes in a Ruby on Rails 5 Model.
# lib/encryptor.rb
# Module to dynamic encrypt attributes per model
module Encryptor
def has_encrypted_attributes(*attrs)
attrs.each do |attr|
# Define the dynamic getter
define_method(attr) do
self[attr].present? ? Encryptor.crypt.decrypt_and_verify(self[attr]) : self[attr]
end
# Define the dynamic setter
@phansch
phansch / yardoc_cheatsheet.md
Last active April 22, 2025 12:15 — forked from chetan/yardoc_cheatsheet.md
Improved YARD cheatsheet
@guitarrapc
guitarrapc / AsyncAwaitLambda.cs
Created December 4, 2016 20:32
async / await with AWS Lambda
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Amazon.Lambda.Core;
using Amazon.Lambda.Serialization;
// Assembly attribute to enable the Lambda function's JSON input to be converted into a .NET class.
[assembly: LambdaSerializerAttribute(typeof(Amazon.Lambda.Serialization.Json.JsonSerializer))]