Skip to content

Instantly share code, notes, and snippets.

View Chaz6's full-sized avatar

Chris Hills Chaz6

View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active January 21, 2025 21:59
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@stong
stong / cups-browsed.md
Last active January 15, 2025 14:08
CUPS disclosure leaked online. Not my report. The original author is @evilsocket

Original report

  • Affected Vendor: OpenPrinting
  • Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
  • Affected Version: All versions <= 2.0.1 (latest release) and master.
  • Significant ICS/OT impact? no
  • Reporter: Simone Margaritelli [evilsocket@gmail.com]
  • Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:
@timothyham
timothyham / ipv6guide.md
Last active January 19, 2025 14:56
A Short IPv6 Guide for Home IPv4 Admins

A Short IPv6 Guide for Home IPv4 Admins

This guide is for homelab admins who understand IPv4s well but find setting up IPv6 hard or annoying because things work differently. In some ways, managing an IPv6 network can be simpler than IPv4, one just needs to learn some new concepts and discard some old ones.

Let’s begin.

First of all, there are some concepts that one must unlearn from ipv4:

Concept 1

@adtac
adtac / Dockerfile
Last active November 1, 2024 03:05
#!/usr/bin/env docker run
#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"
# syntax = docker/dockerfile:1.4.0
FROM node:20
WORKDIR /root
RUN npm install sqlite3
@khalidx
khalidx / node-typescript-esm.md
Last active November 14, 2024 08:26
A Node + TypeScript + ts-node + ESM experience that works.

The experience of using Node.JS with TypeScript, ts-node, and ESM is horrible.

There are countless guides of how to integrate them, but none of them seem to work.

Here's what worked for me.

Just add the following files and run npm run dev. You'll be good to go!

package.json

@BushidoUK
BushidoUK / Malicious Hostnames.txt
Created June 14, 2023 21:19
Malicious Hostnames belonging to Malware Operators, Ransomware Groups, and Advanced Persistence Threats
WIN-QQ80VPAFRNH
84.252.95.225 - SolarMarker
37.120.237.251 - SolarMarker
217.138.205.170 - Ursnif
185.236.202.184 - Pegasus, NSO Group
DESKTOP-2NFCDE2
94.142.138.32 - Aurora Stealer
45.15.156.250 - Aurora Stealer
45.15.156.40 - Raccoon Stealer

Ad-free Twitter

Inject this css snippet to remove all ads from your Twitter timeline.

div[data-testid="placementTracking"]:has(path[d="M19.498 3h-15c-1.381 0-2.5 1.12-2.5 2.5v13c0 1.38 1.119 2.5 2.5 2.5h15c1.381 0 2.5-1.12 2.5-2.5v-13c0-1.38-1.119-2.5-2.5-2.5zm-3.502 12h-2v-3.59l-5.293 5.3-1.414-1.42L12.581 10H8.996V8h7v7z"]) {
  display: none;
}
@max-sixty
max-sixty / config.kdl
Last active January 12, 2024 08:16
Zellij Config
// This Zellij config offers a more modal experience than the default. There are
// very few keybindings in the mode that you spend most of your time in, and we
// need to hit `C-space` to go into a mode where we navigate.
// The only keybindings in the normal mode are:
// - `C-space` to go into the tmux mode
// - `C-n` for a new pane
// - `C-t` for a new tab
// - `A-[` & `A-]` to go to the previous/next tab
// - `S-arrow` to navigate between panes
@blotus
blotus / log4j_exploitation_attempts_crowdsec.md
Last active December 29, 2023 12:24
IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community

This list is no longer updated, thus the information is no longer reliable.

You can see the latest version (from october 2022) here

@radiantly
radiantly / noMangleGoogle.user.js
Last active November 18, 2024 06:39
Prevent Google from mangling links on the search results when clicking or copying on Firefox
// ==UserScript==
// @name Prevent link mangling on Google
// @namespace LordBusiness.LMG
// @match https://www.google.com/search
// @grant none
// @version 1.1
// @author radiantly
// @description Prevent google from mangling the link when copying or clicking the link on Firefox
// ==/UserScript==