Skip to content

Instantly share code, notes, and snippets.

View learning-dev's full-sized avatar

Mohammed Ayaz learning-dev

3 followers · 9 following
View GitHub Profile
@hackermondev
hackermondev / writeup.md
Last active January 17, 2026 05:11
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@pritul95
pritul95 / boto_session.py
Last active December 17, 2024 12:33
Refreshable Boto3 Session to create auto refreshable client or resource
from uuid import uuid4
from datetime import datetime
from time import time
import boto3
from boto3 import Session
from botocore.credentials import RefreshableCredentials
from botocore.session import get_session