bribes

Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Records _{^{(Auth Bypass + Leaked API Key)}}

Date: 08/12/25

Hey! I'm Faav, and this is how I hacked the Microsoft Device Pricing Program (for Microsoft Partners) to leak Microsoft Employee PII using an auth bypass and 700M+ Microsoft partner records via a leaked API key.

One day, I came across the subdomain mdpp.microsoft.com and decided to look into it. (MDPP stands for Microsoft Device Pricing Program)

rxri

Hi fellow reader,

I'm ririxi, core maintainer of spicetify. Some people asked me to do a technical explanation of what spotify shipped with macOS Intel versions. This would be my first time writing a post like this, so I apologize for any inscriptions.

What is V8 context snapshot?

Spotify under the hood uses CEF (Chromium Embedded Framework) which is a framework around chromium, essentially electron but for C++. Chromium uses a V8 which is a Javascript engine created by Google. V8 can generate serialized representation (bytecode) of the V8 engine's heap. It contains pre-initialized JavaScript objects and functions.

vps-victor

• RECON

  • STUDY THE PROGRAM
    • #1 - Understand the terms:
      • (a) Write down all (sub)domains in and out of scope;
      • (b) Understand which types of vulnerabilities are considered valid or not for reports.
    • #2 - Understand the application:
      • (a) What this web application does; (b) How the AAA work in the application.
    • #3 - Read and study some vulnerabilities that has already have been reported in the program.

• SUBDOMAIN ENUMERATION

aamiaa

The original snippet no longer works!

On 02/09/2024 at around 8pm UTC, Discord flipped an experiment (2023-09_mobile_redesign_override_toggles) which ignores the layout toggle that this script relied on.

If you want to continue using the old layout, you can either use a modded mobile client (such as Vendetta) to disable that experiment, or downgrade to an old version of the app.

Method 1 - Downgrading (Android)

Tip

Use this one if you want a fast, beginner-friendly solution and don't mind using a version from November 2023

1. Download version 205.15 of Discord mobile app from ApkMirror

luigiMinardi

Small warning for everyone that are thinking if using Tex colors is a good idea or not

• 2023-05-02 - Since a few days ago \colorbox and \fcolorbox are broken and Github did't talk about if it's a temporary thing or if it will not be added back.
  • 2024-01-04 - Since it has not being added back I deduce that it will never be so I removed all mentions to it on the rest of the gist.
• 2023-09-29 - Tex seems to not work on h1 to h6 anymore (markdown #'s)
  • 2024-01-04 - Now it works again, I'll keep the message for a while to remember that it may change again in the future

As you can se with the above message(s) Tex may not be very stable and may not be an option to you as of the dates expressed above. You can also check other tex problems here.

Github released Tex support and colors* to the markdown and you din't realized

kennytv

Signed chat

This gist intends on clearing up some of the misinformation surrounding signed chat/the reporting feature Mojang has added to Minecraft 1.19.1. Here you can find both technical information as well as a general explanation of how these work.

Profile keys

After joining a server, clients now send a profile key used for verifying a message's authenticity. This key and thus the whole signing process is optional, but by default, servers enforce secure profiles for clients to send chat messages. Whenever the player sends a chat message and has a key associated, the message will be signed using their own private key, which the server then verifies using the public key sent after join. Assuming signature, timestamp, and message contents line up, the message goes through.

On the other end, clients can also require all broadcasted player messages to be signed, disregarding the ones without sender verified signatures.

Message signatures

yukulele

Twitter native video player

Replace the user-unfriendly Twitter video player with the browser's native video player.

This allows you to:

• seek backward/forward with the ← / → keys
• change the volume with the ↑ / ↓ keys or mouse wheel
• switch full screen with double-click or f key
• access the video's contextual menu
• change the playback speed with the + / - and 0 keys or via the contextual menu

Xaekai

CyTube Custom Content Metadata

Last updated: 2022-02-12

Purpose

CyTube currently supports adding custom audio/video content by allowing the user to supply a direct URL to an audio/video file. The server uses ffprobe to probe the file for various metadata, including the codec/container format and

norsec0de

Idiots Guide to CVSS

CVSS is a formula used by legends that provides risk severity for discovered vulnerabilities. It's an objective representation of the risk that prevents idiots from arguing with you.

There are 3 sections to the CVSS:

• Base Score: This section is where the severity of the vulnerability is determined and is only section that actually matters
• Temporal Score: This section provides additional information to other people, who are responsible for security, but don't know how to use Google.
• Environment Score: This section is for idiots who are not responsible for security, but want to feel included, to tell the rest of us how precious and sensitive their app is.

---

marcymon97

# Description: Simple python script to download portuguese One Piece manga chapters from onepieceex.net
# Usage: Just execute the script with python and tell the chapter number as the first and only parameter.
#        The chapter will then be downloaded and saved as .cbz on the same folder as the script.
# Author: Márcio Medeiros
# Version 1.0
import sys
import os
import shutil
import requests
import re