hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

miXwui

Note: this is an ongoing process which I'm documenting here. Semi-experimental, but this is my daily driver machine since September 2021 (work included), so I'm aiming for stability (hence why I'm not using the recommended Fedora 39 Beta).

Upgraded from an Intel i7-1165G7 to AMD 7080U mainboard:

• 64GB (2x32GB) G.Skill F5-5600S4040A32GX2-RS
  • Have an SK Hynix 16GB (2x8GB) 4800MHz (HMCG66MEBSA095N BA) kit that I'll test just to see power draw difference.
• SK hynix Gold P31 2TB PCIe NVMe Gen3 M.2 2280

These notes are for Fedora 38 6.5.8-200.fc38.x86_64 with SwayWM.

Booted into Fedora with BIOS 3.02 and seemed fine. First thing I did was upgrade to 3.03.