Skip to content

Instantly share code, notes, and snippets.

View nikeee's full-sized avatar

Niklas Mollenhauer nikeee

128 followers · 125 following
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active May 1, 2025 13:13
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@rena2019
rena2019 / deutschlandticket.md
Last active May 1, 2025 09:32
DeutschlandTicket Anomalien

DeutschlandTicket Anomalien

Einige DeutschlandTickets sind anders als die anderen. Preislich soll es für 49EUR starten und für ganz Deutschland einen bestimmten Featureset mitbringen. Folgende Verkehrsverbunde wollen allerdings Zusatzoptionen anbieten:

Falls Ihr noch weitere kennt: einfach unten als Kommentar oder via Twitter ergaenzen

  • Dresdner Verkehrsbetriebe AG (DVB) @ Verkehrsverbund Oberelbe (VVO) bzw siehe PDF vom VVO
    • Deutschlandticket Plus Mitnahme (+10 EUR)
      Berechtigt zur Mitnahme im Verkehrsverbund Oberelbe (VVO) von einem Hund oder einem Fahrrad ohne zeitliche Einschränkung sowie einem weiteren Erwachsenen und bis zu vier Schülern bis zum 15. Geburtstag von Montag bis Freitag zwischen 18 und 4 Uhr sowie ganztags an Wochenenden und Feiertagen.
@sindresorhus
sindresorhus / esm-package.md
Last active April 29, 2025 15:28
Pure ESM package

Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

  1. Use ESM yourself. (preferred)
    Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
  2. If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
  3. Stay on the existing version of the package until you can move to ESM.
@IanColdwater
IanColdwater / twittermute.txt
Last active April 14, 2025 16:31
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@StevenACoffman
StevenACoffman / Homoglyphs.md
Last active April 30, 2025 00:01
Unicode Look-alikes

Unicode Character Look-Alikes

Original Letter Look-Alike(s)
a а ạ ą ä à á ą
c с ƈ ċ
d ԁ ɗ
e е ẹ ė é è
g ġ
h һ
@dbeecham
dbeecham / overlay-here
Created November 19, 2019 10:58
#!/usr/bin/env sh
if test ! -d ./overlay; then
read -p "No overlay found here. Want to create one? (y/N)" yn
case $yn in
[Yy]* ) install -d overlay/upperdir && install -d overlay/workdir && install -d overlay/mnt; break;;
* ) exit;;
esac
fi
@bessarabov
bessarabov / gist:674ea13c77fc8128f24b5e3f53b7f094
Last active August 23, 2024 19:11
One-liner to generate data shown in post 'At what time of day does famous programmers work?' — https://ivan.bessarabov.com/blog/famous-programmers-work-time
git log --author="Linus Torvalds" --date=iso | perl -nalE 'if (/^Date:\s+[\d-]{10}\s(\d{2})/) { say $1+0 }' | sort | uniq -c|perl -MList::Util=max -nalE '$h{$F[1]} = $F[0]; }{ $m = max values %h; foreach (0..23) { $h{$_} = 0 if not exists $h{$_} } foreach (sort {$a <=> $b } keys %h) { say sprintf "%02d - %4d %s", $_, $h{$_}, "*"x ($h{$_} / $m * 50); }'
@seanh
seanh / html_tags_you_can_use_on_github.md
Last active April 30, 2025 20:56
HTML Tags You Can Use on GitHub

HTML Tags You Can Use on GitHub

Wherever HTML is rendered on GitHub (gists, README files in repos, comments on issues and pull requests, ...) you can use any of the HTML elements that GitHub Flavored Markdown (GFM) provides syntactic sugar for. You can either use the syntactic sugar that GFM (or other GitHub-supported markup language you're using) provides or, since Markdown can contain raw HTML, you can enter the HTML tags manually.

But GitHub also allows you to use a few HTML elements beyond what Markdown provides by entering the tags manually, and some of them are styled with CSS. Most raw HTML tags get stripped before rendering the HTML. Those tags that can be generated by GFM syntactic sugar, plus a few more, are whitelisted. These aren't documented anywhere that I can find. Here's what I've discovered so far:

<details> and <summary>

A `<detai

@thornbill
thornbill / .gitlab-ci.yml
Created November 22, 2016 21:29
Example Node GitLab CI Yamlfile
# Official framework image. Look for the different tagged releases at:
# https://hub.docker.com/r/library/node/tags/
image: node:6
before_script:
- npm install
# This folder is cached between builds
# http://docs.gitlab.com/ce/ci/yaml/README.html#cache
cache:
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten