hackermondev

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

gphg

#!/usr/bin/bash

# Define custom exit codes
EXIT_SUCCESS=0
EXIT_MISSING_ARGS=1
EXIT_FFPROBE_FAILED=2
EXIT_ZERO_DURATION=3
EXIT_FFMPEG_FAILED=4
EXIT_TIME_PARSING_FAILED=5
EXIT_COMMAND_NOT_FOUND=6

hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

roadkell

Fixing acpi_call kernel oops on Thinkpads

Intro

TLP, a power management utility for Thinkpads and other laptops, uses tpacpi-bat script for battery calibration and setting charge thresholds (for Thinkpads xx20 and later), which in turn uses acpi_call Linux kernel module that enables calls to ACPI methods through /proc/acpi/call. acpi_call can also be used for hybrid graphics switching and other power management tasks.

What happened

As explained here and here, a kernel upstream commit made seek support for [procfs](https://en.wikipedia.org/wiki/

agichim

id	title	desc	updated	created
3UT7YPV6Qnr2UL6H6roQ0	Motog8power		1682709194077	1629568034286

Moto G8 Power guide to flash and install a custom ROM

probonopd

Think twice before abandoning X11. Wayland breaks everything!

tl;dr: Wayland is not "the future", it is merely an incompatible alternative to the established standard with a different set of priorities and goals.

Wayland breaks everything! It is binary incompatible, provides no clear transition path with 1:1 replacements for everything in X11, and is even philosophically incompatible with X11. Hence, if you are interested in existing applications to "just work" without the need for adjustments, then you may be better off avoiding Wayland.

Wayland solves no issues I have but breaks almost everything I need. Even the most basic, most simple things (like xkill) - in this case with no obvious replacement. And usually it stays broken, because the Wayland folks mostly seem to care about Automotive, Gnome, maybe KDE - and alienating e

coolaj86

See bootableinstaller.com

How to create a Bootable MacOS Recovery USB from Linux

If your Mac is out-of-order or you otherwise cannot download macOS from the App Store, you can still create a bootable OS X recovery USB, and you can use that to create an Installer USB.

The downloads used in this process are legal and freely avaliable - including disk images directly from Apple's IT support pages, and open source utilities for extracting and converting pkg, dmg, and HFS+.

Hakky54

OpenSSL Cheat Sheet 🔐

Install

Install the OpenSSL on Debian based systems

sudo apt-get install openssl

LukeSmithxyz

# vim: filetype=i3
# File originally by Luke Smith <https://lukesmith.xyz>

# This config file will use environmental variables such as $BROWSER and $TERMINAL.
# You can set these variables in ~/.profile or ~/.bash_profile if you have it as below:
#
# export FILE="ranger"
# export TERMINAL="st"

# #---Basic Definitions---# #

micycle1

For direct image URL, the image quality is much lower than the original upload (the resolution and size of the original upload can be found in the right sidebar). This is not the case few years ago when the original image was accessible through right click, but on 2017, Wix acquired DeviantArt, and has been migrating the images to their own image hosting system from the original DeviantArt system. They linked most of the direct images to a stripped-down version of the original images; hence the bad image quality. Below are the three different formats of direct image URLs I found:

• URL with /v1/fill inside: this means that the image went through Wix's encoding system and is modified to a specific size and quality. In this case, you remove ?token= and its values, add /intermediary in front of /f/ in the URL, and change the image settings right after /v1/fill/ to w_5100,h_5100,bl,q_100. The definitions of the values can be found in [Wix's Image Service](https://support.wi