Skip to content

Instantly share code, notes, and snippets.

View dchest's full-sized avatar
☮️

Dmitry Chestnykh dchest

☮️
530 followers · 66 following
View GitHub Profile
@hackermondev
hackermondev / zendesk.md
Last active April 19, 2025 04:39
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@IanColdwater
IanColdwater / twittermute.txt
Last active April 14, 2025 16:31
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@keleshev
keleshev / base_vs_stdlib.md
Last active December 19, 2024 10:02

Comparision of JaneStreet Base and OCaml Stdlib

How to use Base

Either use Base selectively:

# #show List.hd;;
@atoponce
atoponce / rates.md
Last active March 16, 2025 03:59
Verifiable brute force strength rates across different projects

Verifiable brute force strength

Below are table of various projects that can completely exhaust n-bits of keyspace. In other words, counting completely and fully from 0 to 2ⁿ-1.

This Gist implies no discussion about how this is relevant to quantum computing using Grover's algorithm, meet-in-the-middle or birthday attacks, or anything of the like. It's strictly a Gist about raw speed, measuring the result in bits.

If you know of other noteworthy and verifiable brute force searching projects,

@rcarmo
rcarmo / bt-agent.service
Last active February 19, 2025 12:57
Set up PAN networking on Raspbian Stretch (use sudo to create these files and run all commands)
# in /etc/systemd/system
[Unit]
Description=Bluetooth Agent
[Service]
ExecStart=/usr/bin/bt-agent -c NoInputNoOutput
Type=simple
[Install]
WantedBy=multi-user.target
@chrispsn
chrispsn / kOS.md
Last active June 1, 2024 12:38
A summary of everything we know about kOS.
@tim-field
tim-field / useRouter.js
Last active June 23, 2023 01:20
Hooks Router
import { useEffect, useState } from "react"
import { createBrowserHistory } from "history"
const history = createBrowserHistory()
const toLocation = path => new URL(path, window.location.href)
// without this react won't re-render as location is the same object
// @see https://reactjs.org/docs/hooks-reference.html#bailing-out-of-a-state-update
const cloneLocation = () => Object.assign({}, window.location)
@peterc
peterc / pg_available_extensions.txt
Created February 14, 2019 18:40
Which Postgres extensions are available on DigitalOcean's new managed PostgreSQL service?
defaultdb=> SELECT * FROM pg_available_extensions;
name | default_version | installed_version | comment
------------------------------+-----------------+-------------------+---------------------------------------------------------------------------------------------------------------------
aiven_extras | 1.0.2 | | aiven_extras
plpgsql | 1.0 | 1.0 | PL/pgSQL procedural language
btree_gist | 1.5 | | support for indexing common datatypes in GiST
tcn | 1.0 | | Triggered change notifications
seg | 1.3 | | data type for representing line segments or floating-point intervals
pgrowlocks | 1.2 |
@atoponce
atoponce / examples.md
Last active June 23, 2023 18:15
Best practices for examples in documentation

Reserved Examples

Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.

Domain Names

In 1999, the "example.com" domains have been set aside by the IETF in RFC 2606 and updated in RFC 6761 specifically for documentation and source code. They include example.com, example.net, and example.org. The example.edu domain was added by ICANN in 2000. Later, the ".example" top-level domain name has since been added explicitly for documentation purposes. While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone, and to use the "example.com" and ".example" domains.

However, "test" [re

@enricofoltran
enricofoltran / main.go
Last active April 6, 2025 09:48
A simple golang web server with basic logging, tracing, health check, graceful shutdown and zero dependencies
package main
import (
"context"
"flag"
"fmt"
"log"
"net/http"
"os"
"os/signal"