Breaking stuff

PikaChu cyberheartmi9

Breaking stuff

Security Engineer work as Freelancer Full Time Pentest Web application & Mobile application & code review (Java , php , Python) | OSCE3|OSCP|CRTL|CRTE

410 followers · 29 following

Freelancer
127.0.0.1
00:05 (UTC +03:00)
https://intx0x80.blogspot.com/
@intx0x80
in/intx0x80

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

cyberheartmi9 / MS-Exchange-Pentesting-Cheat-Sheet-v3.md

Created May 3, 2026 21:30

MS Exchange Pentesting Cheat Sheet v3

Sources:
[1] Attacking MS Exchange Web Interfaces – PT SWARM (2020)
[2] Arseniy Sharoglazov – Practical Use Cases of Exploiting MS Exchange in External Penetration Tests (PositiveHack Talks Hanoi, Nov 2024)
[3] CVE research + real-world campaign analysis (2021–2025)
Scope: External/Internal authorized penetration testing of on-premises MS Exchange
Warning: For authorized engagements only.

cyberheartmi9 / Exploit-Development.md

Created August 26, 2025 12:26

🔧 Exploit Development

🛠️ Software Exploitation

pwn.college - Software Exploitation

⚙️ Assembly (Linux)

SecurityTube - Assembly Primer For Hackers

🖥️ Assembly (Windows)

SecurityTube - Windows Assembly Language Megaprimer

cyberheartmi9 / test.pdf

Created March 11, 2025 09:37

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

cyberheartmi9 / kony.js

Created September 4, 2024 10:50

	Java.perform(() => {
	var inc = 0;

	function waitForLibrary(name, callback) {
	var lib = null;
	var interval = setInterval(() => {
	try {
	lib = Module.ensureInitialized(name);
	console.log(`[+] ${name} is loaded`);
	clearInterval(interval);

cyberheartmi9 / tmux.conf

Created February 22, 2024 23:01

	unbind C-b
	set-option -g prefix C-a
	bind-key C-a send-prefix
	bind \| split-window -h
	bind - split-window -v
	unbind '"'
	unbind %
	bind r source-file ~/.tmux.conf

cyberheartmi9 / gist:c296202c4428b65173b870da8b53a386

Created January 7, 2024 18:51 — forked from tehseensagar/gist:d82931fa8427b3b8a8825714b5b113c4

SQLi WAF Bypass All Method

	`-=[SQL injection Queries]=-

	HOW TO SUCCESSFULLY INJECTING SQL INJECTION

	[~] after id no. like id=1 +/!and/+1=0 [~]
	EX: site.com?index.php?pageid=3 div+0 Union select 1,version(),3,4,5

	+div+0
	+div false
	+Having+1=0+

cyberheartmi9 / XSS-To-RCE.py

Created September 3, 2023 20:47

OSWE Like Machine: https://pentesterlab.com/exercises/xss_and_mysql_file/course

	import requests
	import socket
	import sys
	import random
	import string



	banner="""

cyberheartmi9 / Tudo-exploit.py

Last active September 1, 2023 12:59

Tudo Exploit OSWE Like Machine : https://github.com/bmdyy/tudo/tree/main

	import requests
	import sys
	import re
	import random
	import string
	import socket
	import time


	proxies={"http":"127.0.0.1:8080"}

cyberheartmi9 / SecureCode-1.py

Last active July 9, 2023 20:40

SecureCode-1: https://www.vulnhub.com/entry/securecode-1,651/

	import requests
	import sys
	import re
	import random
	import string


	banner="""

cyberheartmi9 / ssl-pinning-root-bypass.js

Created June 5, 2023 05:07

	// $ frida -l antiroot.js -U -f com.example.app --no-pause
	// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
	// - I added extra whitelisted items to deal with the latest versions
	// of RootBeer/Cordova iRoot as of August 6, 2019
	// - The original one just fucked up (kill itself) if Magisk is installed lol
	// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
	// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
	Java.perform(function() {

	var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",

NewerOlder