Skip to content

Instantly share code, notes, and snippets.

View brlin-tw's full-sized avatar
:octocat:
Loading status...

林博仁 Buo-ren Lin brlin-tw

:octocat:
Loading status...
143 followers · 30 following
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active April 24, 2025 04:34
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@Sporif
Sporif / kwin-input-devices
Last active April 5, 2025 20:42
Enable or disable input devices on KDE
#!/usr/bin/env bash
# Copyright 2025 Amine Hassane
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
@smx-smx
smx-smx / XZ Backdoor Analysis
Last active February 26, 2025 01:17
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@thesamesam
thesamesam / xz-backdoor.md
Last active April 7, 2025 09:15
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@jflemer
jflemer / install-wine-addon.sh
Created April 8, 2023 15:13
Helper script to install wine-mono and wine-gecko msi files globally (in wine share dir)
#!/bin/bash
# usage: install-wine-addon.sh { mono | gecko }
# keywords: wine-mono wine-gecko msi share/wine/mono share/wine/gecko
go() {
local pkg="$1"
local wineexe=$(readlink /usr/bin/wine)
# e.g. /opt/wine-devel/bin/wine
@wynnchel
wynnchel / x-resize
Created September 8, 2022 06:18 — forked from 3lpsy/x-resize
Manual Implementation of Auto Resizing For Non-Gnome Environments (like XFCE) running under Spice/Libvirt
#!/bin/bash
# Steps:
# 1) Make sure bash is available
# 2) Create udev rule
# - path to new udev rule: /etc/udev/rules.d/50-x-resize.rules
# - udev rule content:
# ACTION=="change",KERNEL=="card0", SUBSYSTEM=="drm", RUN+="/usr/local/bin/x-resize"
# 3) Create /var/log/autores directory
# 4) Create script /usr/local/bin/x-resize (this file) and make executable
# 5) Reload udev rules with `sudo udevadm control --reload-rules`
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active February 7, 2025 23:49
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@leuc
leuc / amdgpu_metrics.py
Last active April 22, 2025 21:32
Decode AMD GPU Metrics from SysFS
#!/usr/bin/env python3
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# amdgpu_metrics.py decode amdgpu metrics from sysfs
# Copyright (C) 2021 leuc
#
# This program is free software: you can redistribute it and/or modify it under the
# terms of the GNU Affero General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
@cruepprich
cruepprich / firewall.md
Created October 15, 2021 16:28
[How to Allow HTTP and HTTPS Services in FirewallD] #linux

https://tecadmin.net/allow-http-service-firewalld/ Written by Rahul, Updated on March 23, 2020

FirewallD is a firewall management solution for most of the Linux distributions. You can directly allow/deny ports using the service name with Firewalld. When used services name to allow/deny, it uses /etc/services file to find corresponding port of the service. This tutorial help you to open port for HTTP (80) and HTTPS (443) services via the firewall-cmd command line.

Allow HTTP/s in Firewalld

@nitred
nitred / optimal_mtu.md
Last active April 17, 2025 06:34
Wireguard Optimal MTU

About

  • I faced bandwidth issues between a WG Peer and a WG server. Download bandwidth when downloading from WG Server to WG peer was reduced significantly and upload bandwidth was practically non existent.
  • I found a few reddit posts that said that we need to choose the right MTU. So I wrote a script to find an optimal MTU.
  • Ideally I would have liked to have run all possible MTU configurations for both WG Server and WG Peer but for simplicity I choose to fix the WG Server to the original 1420 MTU and tried all MTUs from 1280 to 1500 for the WG Peer.

Testing

  • On WG server, I started an iperf3 server
  • On WG peer, I wrote a script that does the following:
    • wg-quick down wg0
  • Edit MTU in the /etc/wireguard/wg0.conf file