@hackermondev
hackermondev / research.md
Last active June 25, 2025 07:25
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

ZK Hack V: Zeitgeist write-up

In this document, we explore an approach to uncovering prover's secrets by analyzing the content of their proofs. This method leverages scenarios where the proof system fails or just doesn't bother to conceal information — specifically, when the proofs are not zero-knowledge.

Note: This article is not a formal technical paper. Instead, it aims to present complex and advanced concepts in a (hopefully) accessible way. While some simplifications will be made for clarity, I will strive to point out when the actual details are more intricate than described.

Shortcuts for Advanced Readers: Each section includes a quick TL;DR summary for those already familiar with the basics. Feel free to skip ahead if the summary indicates nothing new or significant for you.

Basics of (ZK-)Proving

@hackermondev
hackermondev / zendesk.md
Last active June 25, 2025 20:26
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@0xdevalias
0xdevalias / _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active July 2, 2025 21:09
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code

@kconner
kconner / macOS Internals.md
Last active July 2, 2025 14:28
macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prerelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@ByteSizedMarius
ByteSizedMarius / ExtractSavedPlacesGMaps.md
Last active July 3, 2025 07:00
Google Maps: Extract places from shared list

Edit: This doesn't work for lists > 20 items, because pagination does not work. Please see here

This script allows extracting name and coordinates for gmaps shared lists. It is incredibly unstable and may break anytime. Good luck figuring out why, because the syntax is extremely confusing and basically makes no sense at all. Thanks to Google for not providing an API for this after LITERALLY 12 YEARS.

How to use this script:

  1. Share a list and open the link in a browser window. It will redirect. The new link will look like this: google.com/maps/@<your coords>/data=....
  2. Take the data-portion and paste it into the following link: https://google.com/maps/@/data=?ucbcb=1

@sts10
sts10 / rust-command-line-utilities.markdown
Last active July 2, 2025 01:24
A curated list of command-line utilities written in Rust

Note: I have moved this list to a proper repository. I'll leave this gist up, but it won't be updated. To submit an idea, open a PR on the repo.

Note that I have not tried all of these personally, and cannot and do not vouch for all of the tools listed here. In most cases, the descriptions here are copied directly from their code repos. Some may have been abandoned. Investigate before installing/using.

The ones I use regularly include: bat, dust, fd, fend, hyperfine, miniserve, ripgrep, just, cargo-audit and cargo-wipe.

  • atuin: "Magical shell history"
  • bandwhich: Terminal bandwidth utilization tool

@cleanunicorn
cleanunicorn / fisher-yates.sol
Created October 6, 2021 09:55
Fisher Yates Shuffle, aka Knuth Shuffle proof of concept
contract Shuffle {
    function shuffle(
        uint size,
        uint entropy
    )
        public
        pure
        returns (
            uint[] memory
        ) {

@x0nu11byt3
x0nu11byt3 / elf_format_cheatsheet.md
Created February 27, 2021 05:26
ELF Format Cheatsheet

Introduction

Executable and Linkable Format (ELF) is the default binary format on Linux-based systems.

ELF

Compilation