@hackermondev
hackermondev / research.md
Last active October 21, 2025 09:20
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@hackermondev
hackermondev / zendesk.md
Last active October 15, 2025 14:59
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@SandiyosDev
SandiyosDev / group-caching-demo.php
Created July 5, 2024 05:55 — forked from villesiltala/group-caching-demo.php
WP Redis Group Cache usage example - see the comment section for description
---- page.php ---
<?php
/**
* This is a demo for using the WP Redis Group Cache.
*/
/**
* A demo DustPress model class.
*/
class Page extends \DustPress\Model {
@tstromberg
tstromberg / gist:e69d7b75170adea5a395e34986b9ae36
Created July 5, 2023 13:22
Browse Securely for Chrome™ is Spyware
Here is what Browse Securely transmits in regards to visiting a Spotify pairing page:
{
"uid": "36ebc658-c7bd-4230-8886-0f7cffce6b76",
"utm_source": null,
"mid": null,
"prid": "8d5294c3-0bac-4959-a25b-c50df4726965",
"id": "86a0a954-b827-40c5-9202-00689694c47c",
"ext_num": 109,
"runtime_id": "eldjnmdpkecnjjkmmgndpcibgkfpodfh",
@ph33nx
ph33nx / WinMasterBlocker.bat
Last active October 28, 2025 14:08
Block All Adobe .exe files via Firewall on Windows Using Batch Script | Stop adobe apps to access internet
:: ################################################################
:: ## 🔥 WinMasterBlocker 🔥 #
:: ################################################################
:: # Author: https://github.com/ph33nx #
:: # Repo: https://github.com/ph33nx/WinMasterBlocker #
:: # #
:: # This script blocks inbound/outbound network access #
:: # for major apps like Adobe, Autodesk, Corel, Maxon, #
:: # and more using Windows Firewall. #
:: # #
@Webarkitekt
Webarkitekt / .env
Last active July 4, 2025 12:58
How to connect TinaCMS to Gitlab with gitbeaker
MONGODB_URI=[YOUR_MONGO_DB_URL]
GITLAB_HOST=[YOUR_GITLABHOST_URL]
GITLAB_PROJECT_ID=[YOUR_GITLAB_PROJECT_ID]
GITLAB_BRANCH=[YOUR_GITLAB_BRANCH]
GITLAB_PERSONAL_ACCESS_TOKEN=[YOUR_GITLAB_TOKEN]
TINA_PUBLIC_IS_LOCAL=false
# _optionally_ Use Tina Cloud for user authentication
#NEXT_PUBLIC_TINA_CLIENT_ID=***
// code updates are now there:
// https://github.com/Bleuje/processing-animations-code/blob/main/code/fractalsliding2d/fractalsliding2d.pde
// Processing code by Etienne JACOB
// for collab with Yann Le Gall (https://demozoo.org/graphics/322553/)
// motion blur template by beesandbombs
// See the license information at the end of this file.
// View the rendered result at: https://bleuje.com/gifanimationsite/single/2dfractalslidingsquares/
// using double instead of float makes the code a bit more complicated
@Cryptiiiic
Cryptiiiic / ios16_downgrading.txt
Created March 1, 2023 00:10
The unfortunate state of iOS downgrading
Unfortunately I have some bad news for downgrading.
Before I explain the bad news at the end of this post, I first need to introduce a background of iOS devices.
In iOS 16, Apple introduced a new firmware component known as Cryptex1. Technically, this is a "virtual" co-processor.
Its purpose is to allow Apple to push RSRs (Rapid Security Responses) which are separate from traditional iOS updates and can be installed much faster.
Like other firmwares, it also has a signing ticket locked to a cryptographic nonce (number-used-once).
We commonly refer to the Apple signing tickets as SHSH blobs.
Meaning the firmware can't be installed without a valid signing ticket as well as a matching nonce.
The "big two" components we deal with signing/nonces are AP and SEP. AP is basically the main device chip (Application Processor).
SEP is the security chip (Secure Enclave Processor).
With regards to APNonce, Apple conveniently gave us the com.apple.System.boot-nonce NVRAM property which we use to set the APNonce generator.
@AhmedBafkir
AhmedBafkir / YTSignInFix.xm
Last active September 24, 2022 08:34
Fix YouTube sign in for iOS sideloaded > idea by @kkirby
// https://github.com/qnblackcat/uYouPlus/discussions/447#discussioncomment-3672653
%hook SSORPCService
+ (id)URLFromURL:(id)arg1 withAdditionalFragmentParameters:(NSDictionary *)arg2 {
NSURL *orig = %orig;
NSURLComponents *urlComponents = [[NSURLComponents alloc] initWithURL:orig resolvingAgainstBaseURL:NO];
NSMutableArray *newQueryItems = [urlComponents.queryItems mutableCopy];
for (NSURLQueryItem *queryItem in urlComponents.queryItems) {
if ([queryItem.name isEqualToString:@"system_version"]
|| [queryItem.name isEqualToString:@"app_version"]