Skip to content

Instantly share code, notes, and snippets.

View hack3r-0m's full-sized avatar
🎯
Focusing

hack3r-0m

🎯
Focusing
View GitHub Profile
@hackermondev
hackermondev / research.md
Last active February 8, 2025 08:32
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

//! THIS IS A GREAT EVIL THAT MUST BE DESTROYED necessitated by the current
//! limitations of the `alloy` crate.
//!
//! This module provides a wrapper for the `SolCall` trait from the `alloy` crate.
//! Its main purpose is to create an object-safe interface for `SolCall` implementations,
//! allowing for dynamic dispatch and easier handling of different Solidity function calls
//! in a uniform manner.
//!
//! ## Motivation
//!
//! ```cargo
//! [dependencies]
//! bech32 = "0.9"
//! bip32 = "0.5"
//! dialoguer = "0.10"
//! hex = "0.4"
//! k256 = "0.13"
//! ripemd = "0.1"
//! thiserror = "1"
//! ```
@Philogy
Philogy / headers.py
Created October 9, 2022 02:03
Transmission11s Style Headers In Python
#!/bin/python3
import sys
import pyperclip
def main():
args = sys.argv
if len(args) != 2:
raise ValueError(f'Invalid argument count {len(args)} expected 2')
word = args[1]
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
library Iterators {
// Function types:
// https://docs.soliditylang.org/en/latest/types.html#function-types
function map(uint256[] memory input, function (uint256) internal pure returns (uint256) f)
internal
pure
@noxx3xxon
noxx3xxon / arbitrage.py
Created August 21, 2022 22:34
CFMM Routing Arbitrage Example
import numpy as np
import cvxpy as cp
import itertools
# Problem data
global_indices = list(range(4))
# 0 = TOKEN-0
# 1 = TOKEN-1
# 2 = TOKEN-2
@0xA5DF
0xA5DF / !README.md
Last active August 19, 2022 13:37
Forge calculates gas as if it's all one tx (affecting ops that depend on warm/cold keys/addresses)

Forge calculates gas as if each test is one tx

Sample code

When runing forge test -m testGas --gas-report -vv, it shows the cost of calling x is 261:

╭──────────────────────────────────┬─────────────────┬─────┬────────┬─────┬─────────╮
│ contracts/Gas.sol:Store contract ┆                 ┆     ┆        ┆     ┆         │
╞══════════════════════════════════╪═════════════════╪═════╪════════╪═════╪═════════╡
│ Deployment Cost                  ┆ Deployment Size ┆     ┆        ┆     ┆         │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┼╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┼╌╌╌╌╌┼╌╌╌╌╌╌╌╌┼╌╌╌╌╌┼╌╌╌╌╌╌╌╌╌┤
function factorial_Yul_For(uint256 x) public pure returns(uint256){
assembly{
let result := 1
for {} iszero(iszero(x)) { x := sub(x, 1)} {
result := mul(result, x)
}
mstore(0,result)
return(0,0x20)
}
}
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active September 11, 2024 21:41
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log