Skip to content

Instantly share code, notes, and snippets.

View MHM5000's full-sized avatar
🏠
Working from home

Mohammad Hossein Mojtahedi MHM5000

🏠
Working from home
257 followers · 92 following
View GitHub Profile
@arianvp
arianvp / SSH_MACOS_SECURE_ENCLAVES.md
Last active December 9, 2025 01:32
Native Secure Enclaved backed ssh keys on MacOS

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

@mccaffers
mccaffers / elasticsearch-aws-ami-al2023.sh
Last active September 29, 2025 07:50
This script installs Elasticsearch and Kibana on Amazon Linux 2023. It configures the repositories, installs the software, sets it to start on boot, and resets the elastic user password for initial access.
#!/bin/bash
# This script installs Elasticsearch and Kibana on Amazon Linux 2023
# It configures the repositories, installs the software, sets it to start on boot,
# and resets the elastic user password for initial access
## Step 1: Import the Elasticsearch GPG Key for package verification
# This ensures packages are downloaded from a trusted source
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
@hackermondev
hackermondev / research.md
Last active December 8, 2025 22:28
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@chamlis
chamlis / communityworld
Last active April 15, 2025 17:53
All the Packages
2bwm-doc=0.3-r2
2bwm=0.3-r2
6tunnel-doc=0.13-r2
6tunnel=0.13-r2
7zip-doc=23.01-r0
7zip=23.01-r0
R-dev=4.4.0-r0
R-doc=4.4.0-r0
R-mathlib=4.4.0-r0
R=4.4.0-r0
@tekknolagi
tekknolagi / lines.py
Last active September 10, 2024 20:03
#!/usr/bin/env python
import multiprocessing
import random
import time
class Logger:
def __init__(self, num_lines, last_output_per_process, terminal_lock):
self.num_lines = num_lines
@TomIsLoading
TomIsLoading / TailwindTips.tsx
Created February 16, 2024 01:25
import React from "react";
import {
FiBell,
FiDownload,
FiEdit,
FiSave,
FiSettings,
FiUser,
} from "react-icons/fi";
import { SiAirbnb } from "react-icons/si";
@mccaffers
mccaffers / forwarder.mjs
Last active September 29, 2025 07:51
AWS Lambda Request Forwarder
'use strict'
import http from "https";
import zlib from "zlib";
/* global atob */
function queryString (kvPairs) {
const result = []
for (let key in kvPairs) {
@hyperupcall
hyperupcall / settings.jsonc
Last active October 11, 2025 12:44
VSCode config to disable popular extensions' annoyances (telemetry, notifications, welcome pages, etc.)
// I'm tired of extensions that automatically:
// - show welcome pages / walkthroughs
// - show release notes
// - send telemetry
// - recommend things
//
// This disables all of that stuff.
// If you have more config, leave a comment so I can add it!!
{
@jab3z
jab3z / log_io.py
Last active October 9, 2022 07:29
Python decorator for logging the input and output of a class method
import inspect
import logging
from functools import wraps
from typing import Callable
def log_io(log_input=False, log_output=False) -> Callable:
"""
Logs the input/output of the decorated method.
Must be explicitly called with input=True and/or output=True
@ramkumarvenkat
ramkumarvenkat / dreamland.md
Last active August 3, 2025 06:28
Dreamland technical question

Dreamland is a new age AI+metaverse company and has a concept of games, where every user can play these games with AI agents and win DREAM tokens multiple times a day. A user can win upto 5 DREAM tokens on a single day.

DREAM tokens are a virtual currency and have a real monetary value. At the end of every hour, the tokens won by the user are converted to USD by calling a third-party API that provides the rate (for the assignment, we can hardcode to 15 cents per token).

Every time a user is issued a token and it gets converted to USD, there will be fees which we need to keep track of (the user will not bear the fees, but Dreamland will)

In the backend, there are double-entry accounting ledgers that keep track of a user's tokens, the current USD value and the fees.

Imagine you are building APIs for Dreamland: