hackermondev / research.md

Last active May 5, 2025 03:30

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

ilap / shelley_staking_ledger_addr_gen.md

Last active October 30, 2024 20:12

Extracting Pool Staking keys from Ledger wallet

Introduction for Ledger wallet based addresses

DISCLAIMER: NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK

UPDATED: 16:51pm AEST 09/Aug/2020

There are two keypairs that are required to register a pool:

reward account (costs and rewards) and
owner stake (pledge) keypair.

ilap / shelley_cold_key_gen.md

Last active December 29, 2021 14:25

Shelley Cold Key Generation

Shelley Cold Key Generation Proof of Concept. Node.js is required for this PoC.

It's compatible /w cardano-node v1.16.0

Install

package.json

Smaug SmaugPool

Cloudflare

Introduction for Ledger wallet based addresses

Shelley Cold Key Generation

Install