Skip to content

Instantly share code, notes, and snippets.

View hktonylee's full-sized avatar

hktonylee

29 followers · 42 following
View GitHub Profile
@maple3142
maple3142 / CVE-2025-55182.http
Last active December 9, 2025 00:19
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@rebane2001
rebane2001 / glass-with-controls.html
Last active October 31, 2025 17:19
glass effect test css/svg thing (messy) - demo: https://codepen.io/rebane2001/details/OPVQXMv
<div style="position:absolute;top:-999px;left:-999px">
<svg
id="effectSvg"
width="200"
height="200"
viewBox="0 0 200 200"
xmlns="http://www.w3.org/2000/svg">
<filter id="displacementFilter4">
@hackermondev
hackermondev / research.md
Last active December 8, 2025 22:28
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@thesamesam
thesamesam / xz-backdoor.md
Last active November 30, 2025 22:27
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@adtac
adtac / Dockerfile
Last active July 13, 2025 20:06
#!/usr/bin/env docker run
#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"
# syntax = docker/dockerfile:1.4.0
FROM node:20
WORKDIR /root
RUN npm install sqlite3
@Nexarian
Nexarian / xrdp-nvidia-setup.sh
Last active December 3, 2025 05:13
Setup for XRDP using Nvidia Acceleration
#!/usr/bin/env bash
set -e
cd ~
sudo -v
# Make sure system is in a good, updated, clean, state.
sudo apt-get -y update
@nateraw
nateraw / stable_diffusion_walk.py
Created August 18, 2022 05:59
Walk between stable diffusion text prompts
"""
Built on top of this gist by @karpathy:
https://gist.github.com/karpathy/00103b0037c5aaea32fe1da1af553355
stable diffusion dreaming over text prompts
creates hypnotic moving videos by smoothly walking randomly through the sample space
example way to run this script:
$ python stable_diffusion_walk.py --prompts "['blueberry spaghetti', 'strawberry spaghetti']" --seeds 243,523 --name berry_good_spaghetti
@pyther
pyther / wsl2_ciscoanyconnect_workaround.md
Last active July 9, 2025 03:42

WSL 2 Cisco AnyConnect Networking Workaround

Overview

WSL 2 uses a Hyper-V Virtual Network adapter. Network connectivity works without any issue when a VPN is not in use. However when a Cisco AnyConnect VPN session is established Firewall Rules and Routes are added which breaks connectivity within the WSL 2 VM. This issue is tracked WSL/issues/4277

Below outline steps to automatically configure the Interface metric on VPN connect and update DNS settings (/etc/resolv.conf) on connect/disconnect.

Manual Configuration

Set Interface Metrics

@graninas
graninas / What_killed_Haskell_could_kill_Rust.md
Last active December 3, 2025 06:56
What killed Haskell, could kill Rust, too

At the beginning of 2030, I found this essay in my archives. From what I know today, I think it was very insightful at the moment of writing. And I feel it should be published because it can teach us, Rust developers, how to prevent that sad story from happening again.

What killed Haskell, could kill Rust, too

What killed Haskell, could kill Rust, too. Why would I even mention Haskell in this context? Well, Haskell and Rust are deeply related. Not because Rust is Haskell without HKTs. (Some of you know what that means, and the rest of you will wonder for a very long time). Much of the style of Rust is similar in many ways to the style of Haskell. In some sense Rust is a reincarnation of Haskell, with a little bit of C-ish like syntax, a very small amount.

Is Haskell dead?

@daehahn
daehahn / wsl2-network.ps1
Last active September 28, 2025 12:00
WSL 2 TCP NETWORK FORWARDING
# WSL2 network port forwarding script v1
# for enable script, 'Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser' in Powershell,
# for delete exist rules and ports use 'delete' as parameter, for show ports use 'list' as parameter.
# written by Daehyuk Ahn, Aug-1-2020
# Display all portproxy information
If ($Args[0] -eq "list") {
netsh interface portproxy show v4tov4;
exit;
}