Lukas Zmoginas Lzmog

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Nerd Fonts for your IDE

https://www.nerdfonts.com/font-downloads

The following solution thanks to @hackerzgz & @snacky101 will install all nerd fonts;

brew tap homebrew/cask-fonts
brew search '/font-.*-nerd-font/' | awk '{ print $1 }' | xargs -I{} brew install --cask {} || true

Filter Phish

This Google Apps Scripts filter will automatically move all future emails with the header X-PHISHTEST to trash.

Getting started

Go to Google Apps Script
Add a new script and copy paste the content from the sibling file
Test run the script, go to View in the menu bar and click Logs

If there's no errors it should be blank, OR a verbose message that it removed a phishing email.

	Nodes
	$ kubectl get no
	$ kubectl get no -o wide
	$ kubectl describe no
	$ kubectl get no -o yaml
	$ kubectl get node --select or =[ label _name]
	$ kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
	$ kubectl top node [node_name]
	Pods
	$ kubectl get po

	while read DOMAIN; do
	nmap --script vuln -oN "${DOMAIN}_nmap.txt" $DOMAIN
	nuclei -rl 10 -no-stdin -u "https://${DOMAIN}" -o "${DOMAIN}_nuclei.txt"
	wapiti -u "https://${DOMAIN}" -f txt -o "${DOMAIN}_wapiti.txt" -m all --color --verbose 1 --detailed-report --delay 0.1
	done < scan.lst

	// NOTE: In the explicit encryption method all insert/update/find operations should ship encrypted data.
	// Let's explore an MongoDB Enterprise that helps automatically encryption / decryption data for you. But first,
	// define a JSON schema mapping for our patients collection via the Field-Level option.
	const healthCareAppSchema = {
	"health_care_app.patients": {
	"bsonType": "object",
	"properties": {
	"medRecNum": {
	"bsonType": "int"
	},

	# Make sure you are using gpg2
	git config --global gpg.program gpg2

	# Clone empty repository
	git clone git@github.com:ruzickap/terraform-gitops.git

	# Configure a repository to use git-crypt
	cd terraform-gitops
	git-crypt init

	package Boellis_PlankMake;


	import Boellis_PlankMake.tasks.BankPlank;
	import Boellis_PlankMake.tasks.MakePlank;
	import com.sun.prism.shader.Solid_TextureSecondPassLCD_AlphaTest_Loader;
	import org.powerbot.script.*;
	import org.powerbot.script.rt4.ClientContext;
	import org.powerbot.script.rt4.Magic.Spell;
	import org.powerbot.script.Condition;

	# https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
	# https://wpvulndb.com/vulnerabilities/9021
	location ~* ^/wp-admin/load-scripts\.php$ {
	if ( $query_string ~* "^.{1024,}$" ) {
	return 444;
	}
	}

	Export:

	mysqldump -u root -p --all-databases > alldb.sql
	or
	mysqldump -u root -p --opt --all-databases > alldb.sql
	or
	mysqldump -u root -p --all-databases --skip-lock-tables > alldb.sql


	Import: