Skip to content

Instantly share code, notes, and snippets.

View subdavis's full-sized avatar
♨️
KILN

Brandon Davis subdavis

♨️
KILN
155 followers · 226 following
View GitHub Profile
@hackermondev
hackermondev / writeup.md
Last active January 1, 2026 03:11
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@Firsh
Firsh / lwp-cloudflare-dyndns.sh
Last active April 23, 2025 15:56
Cloudflare as Dynamic DNS
#!/bin/bash
# Cloudflare as Dynamic DNS
# From: https://letswp.io/cloudflare-as-dynamic-dns-raspberry-pi/
# Based on: https://gist.github.com/benkulbertis/fff10759c2391b6618dd/
# Original non-RPi article: https://phillymesh.net/2016/02/23/setting-up-dynamic-dns-for-your-registered-domain-through-cloudflare/
# Update these with real values
auth_email="email@example.com"
auth_key="global_api_key_goes_here"
zone_name="example.com"
@staaldraad
staaldraad / webdavserv.go
Last active May 23, 2025 12:39
A small webdav server in go
package main
import (
"flag"
"fmt"
"log"
"net/http"
"os"
"golang.org/x/net/webdav"
@carymrobbins
carymrobbins / setup-postgresql-vagrant.md
Last active May 4, 2023 10:22
Configure PostgreSQL in a Vagrant guest to allow connections from the host.

Configure Postgres

  • Update pg_hba.conf (most likely in /etc/postgresql/9.4/main) with -
    • host all all 0.0.0.0/0 trust
  • Update postgresql.conf to use listen_addresses = '*'
  • Be sure to sudo service postgresql restart

Configure Vagrant

@dchest
dchest / salsa20.js
Last active August 16, 2025 16:02
/*
IMPORTANT!!! DO NOT USE THIS. It works, but you'll probably get it wrong,
because it must be keyed with at least 128 bits of entropy, and where
do you get this entropy, huh?
- In a browser, you get it from window.crypto.getRandomValues().
- In Node, you get it from crypto.randomBytes()
Now LOOK AT YOU! You already have secure ways to generate random bytes,
@MohamedAlaa
MohamedAlaa / tmux-cheatsheet.markdown
Last active December 31, 2025 22:19
tmux shortcuts & cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@geoffb
geoffb / simple_websocket_client.html
Created October 7, 2010 23:37
Super simple websockets client/server using Python. Compatible with the draft 76 challenge/response.
<!DOCTYPE html>
<html lang="en">
<head>
<title>WebSocket Client</title>
<style>
#output {
border: solid 1px #000;
}
</style>
</head>
@jeffrafter
jeffrafter / handler.js
Created April 2, 2010 20:59
Simple HTTP Server and Router in node.js
exports.createHandler = function (method) {
return new Handler(method);
}
Handler = function(method) {
this.process = function(req, res) {
params = null;
return method.apply(this, [req, res, params]);
}
}
@hallettj
hallettj / global-variables-are-bad.js
Created February 14, 2009 21:15
How and why to avoid global variables in JavaScript
// It is important to declare your variables.
(function() {
var foo = 'Hello, world!';
print(foo); //=> Hello, world!
})();
// Because if you don't, the become global variables.
(function() {