Skip to content

Instantly share code, notes, and snippets.

View opticaldrive's full-sized avatar
:octocat:
Githubing occasionally

opticaldrive

:octocat:
Githubing occasionally
56 followers · 247 following
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active December 19, 2025 21:38
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@hackermondev
hackermondev / zendesk.md
Last active December 15, 2025 03:31
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@Elijah-Bodden
Elijah-Bodden / CloneYourself.md
Last active October 5, 2024 15:02

How to make an LLM clone of yourself

Wanna create and play with an AI clone of yourself or someone else (my lawyer says please don't)[^1] like this one? You're in luck because it's super easy!

Step one: get you some datas

This step really varies depending on your data sources, but the end goal is to turn some of real-you's conversations (from your platforms of choice) into a ShareGPT format dataset with you as the gpt. Here's what your (json) file should end up looking like:

{"conversations": [{"from": "human", "value": "Hi"}, {"from": "gpt", "value": "Hello"}]} 
{"conversations": [{"from": "human", "value": "What's up "}, {"from": "gpt", "value": "not much, you?"}, {"from": "human", "value": "Just thinking, what if you're a robot and I don't realize it?"}, {"from": "gpt", "value": "hahaha don't be crazy"}]}
...

NOTE: Make sure every line starts with a message from the other person ("human")

@thesamesam
thesamesam / xz-backdoor.md
Last active December 9, 2025 03:22
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@youngchief-btw
youngchief-btw / removeXcodePersonalInfo.bash
Created August 2, 2022 18:15
Remove personal info from an Xcode project.
ProjectName="ExampleApp"
rm -rf "$ProjectName.xcodeproj/xcuserdata"
rm -rf "$ProjectName.xcodeproj/project.xcworkspace"
rm -rf "$ProjectName.xcodeproj/project.xcworkspace/xcuserdata"