Skip to content

Instantly share code, notes, and snippets.

View lck0's full-sized avatar

lck0

12 followers · 36 following
View GitHub Profile
@lck0
lck0 / research.md
Created January 22, 2025 22:31 — forked from hackermondev/research.md
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@lck0
lck0 / 研修資料まとめ.md
Created June 26, 2024 15:10 — forked from gcchaan/研修資料まとめ.md
@lck0
lck0 / DumpAZW6_py3.py
Created July 27, 2023 17:12 — forked from fireattack/DumpAZW6_py3.py
Py3 version
#!/usr/bin/env python
# vim:fileencoding=UTF-8:ts=4:sw=4:sta:et:sts=4:ai
import sys
import os, getopt, struct
import imghdr
def get_image_type(imgname, imgdata=None):
imgtype = imghdr.what(imgname, imgdata)
@lck0
lck0 / certifried_with_krbrelayup.md
Created May 17, 2022 15:39 — forked from tothi/certifried_with_krbrelayup.md
Certifried combined with KrbRelayUp: non-privileged domain user to Domain Admin without adding/pre-owning computer accounts

Certifried combined with KrbRelayUp

Certifried (CVE-2022-26923) gives Domain Admin from non-privileged user with the requirement adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. Combination of these two: non-privileged domain user escalating to Domain Admin without the requirement adding/owning computer accounts.

The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.

Prerequisites: