Skip to content
View kleiton0x00's full-sized avatar
Burning my $2.5m 0-day Instagram Auth Bypass because your gf cheated on you.
Burning my $2.5m 0-day Instagram Auth Bypass because your gf cheated on you.


  • Pro
Block or Report

Block or report kleiton0x00

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Welcome to my profile ~ Kleiton Kurti ~ kleiton0x00

LinkedIn GitHub

Check out my blog at!

About Me

I'm Kleiton Kurti, a security researcher living in Austria, AT.

I am a self-taught Infosec guy from Albania. In my free time I like to do security researches, solve CTFs and publish infosec articles about uncommon and creative bugs I find during pentesting engagements as well as creating tools related to Web Security and Malware Development because of my passion for contributing to the infosec community.

In free time I like solving CTF Challenges, specifically on HackTheBox platform. You can find me here.

Languages and Tools

Nerdy Stats

kleiton0x00's github stats Top Langs

Pinned Loading

  1. ppmap ppmap Public

    A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

    Go 480 68

  2. Advanced-SQL-Injection-Cheatsheet Advanced-SQL-Injection-Cheatsheet Public

    A cheat sheet that contains advanced queries for SQL Injection of all types.

    2.8k 648

  3. RedditC2 RedditC2 Public

    Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.

    Python 249 42

  4. Proxy-DLL-Loads Proxy-DLL-Loads Public

    A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

    C 310 37