Skip to content

Instantly share code, notes, and snippets.

View Neos21's full-sized avatar
:octocat:
https://neos21.net/

Neos21 Neos21

:octocat:
https://neos21.net/
330 followers · 2.2k following
View GitHub Profile
@emdnaia
emdnaia / fdtable_intmax_poc.c
Created October 20, 2025 00:03
/*
## File Descriptor INT_MAX Overflow
----
- Info:
Tweet: https://x.com/spendergrsec/status/1958264076162998771
Ref: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04a2c4b4511d186b0fce685da21085a5d4acd370
@avestura
avestura / delete-from-users-where-location-iran.md
Last active October 30, 2025 10:23
DELETE FROM users WHERE location = 'IRAN';

DELETE FROM users WHERE location = 'IRAN';

Hi! I am an Iranian Software Engineer, and in this torn paper note, I want to talk about some funny moments I had online related to the fact that I was spawned in this specific region of the world: Iran.

Microsoft deleted my app, ignored my mails

Back when I was a student, I got access to the Microsoft Imagine, and as a result, I got access to the Microsoft Store as a developer. This inspired me write one of my open-source projects called EyesGuard and publish it on Microsoft Store. However, one day, somebody told me that they can no longer find EyesGuard on the store.

@haturatu
haturatu / pacman-install-list
Created September 13, 2025 08:06
thepassenger:[haturatu]:~$ pacman -Qe
7zip 25.01-1
acpi 1.8-2
acpid-openrc 20210506-1
alsa-firmware 1.2.4-4
amd-ucode 20250808-1
archlinux-keyring 20250807.1-1
aria2 1.37.0-2
ark 25.08.1-1
artix-branding-base 20250816-2
@cyanolupus
cyanolupus / README.md
Created July 1, 2025 18:20
jikobu

使い方

一つのフォルダ内にすべてのファイルを入れ、好きな BGM を用意して audio/bgm.mp3 として作成する Chrome から拡張機能として読み込む

@mizchi
mizchi / post-cline-world.md
Last active August 31, 2025 16:10
After Cline - あるいは語りえぬ者について語ろうとする時代について

After Cline - あるいは語りえぬ者について語ろうとする時代について

この資料は以下のイベントの登壇用の殴り書きです

https://hack-at-delta.connpass.com/event/350588/

今までの資料を引用して話すので、この資料はアウトラインです。

最初に: 自分の技術選定の基準

@zachlatta
zachlatta / almost_pwned.md
Last active October 24, 2025 09:41

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / research.md
Last active November 18, 2025 01:08
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@ogadra
ogadra / README.md
Last active January 2, 2025 12:38
RaycastのSnippetsで絵文字を出すやつ

これはなに

RaycastのSnippetsを利用して、絵文字スニペットに対応していないアプリケーションでも絵文字を:hoge:の形式で出せるようにする設定ファイルです。

設定方法

RaycastのImport Snippetsより、emoji_aliases.jsonを読み込みます。

使い方

@hitalin
hitalin / flake.nix
Created November 19, 2024 22:49
set misskey development environment by nix flake
{
description = "Misskey development environment";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachDefaultSystem (system:
@philschmid
philschmid / openai_meta.txt
Created October 2, 2024 06:38
Leaked meta prompt, seen at https://x.com/amebagpt/status/1841177927569838519
Understand the Task: Grasp the main objective, goals, requirements, constraints, and expected output.
- Minimal Changes: If an existing prompt is provided, improve it only if it's simple. For complex prompts, enhance clarity and add missing elements without altering the original structure.
- Reasoning Before Conclusions: Encourage reasoning steps before any conclusions are reached. ATTENTION! If the user provides examples where the reasoning happens afterward, REVERSE the order! NEVER START EXAMPLES WITH CONCLUSIONS!
- Reasoning Order: Call out reasoning portions of the prompt and conclusion parts (specific fields by name). For each, determine the ORDER in which this is done, and whether it needs to be reversed.
- Conclusion, classifications, or results should ALWAYS appear last.
- Examples: Include high-quality examples if helpful, using placeholders [in brackets] for complex elements.
- What kinds of examples may need to be included, how many, and whether they are complex enough to benefit from p