hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

tyluudinh

class TicketBox {
  eventId = null;
  bookingId = null;
  order = null;
  recapchaKey = null;
  resultStep1 = {};
  resultStep2 = {};
  resultStep3 = {};
  email = null;
  phoneNumber = null;

barbixxxa

1. Download the latest JDK(jdk-11.0.5_linux-x64_bin.tar.gz) from the official site
2. sudo mkdir /usr/lib/jvm
3. cd /usr/lib/jvm
4. sudo tar -xvzf ~/Downloads/jdk-11.0.5_linux-x64_bin.tar.gz
5. sudo nano /etc/environment
6. Edit the PATH and add the JAVA_HOME

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/lib/jvm/jdk-11/bin"
JAVA_HOME="/usr/lib/jvm/jdk-11"

JLLeitschuh

Safer-Eval Sandbox Escape POC

safer-eval is a node JS library that supposedly provides a 'safe' way to 'eval' untrusted javascript.

As the maintainer warns in the README:

Warning: The saferEval function may be harmful - so you are warned!

However, it is still used by various libraries to parse/execute untrusted code in such a way that there is an implied