Brut Security pinned «Brut Security | Feb 2026 - Enrollments Open. Ready to step into cybersecurity the right way? Courses Available • Ethical Hacking • Web Penetration Testing • Bug Bounty Hunting • SOC / SIEM (Blue Team) Live training + practical labs Real-world attack…»
Argus: A Python-based toolkit for Information Gathering & Reconnaissance #OSINT
GitHub: github.com/jasonxtn/Argus
CVE-2026-22794: Critical Appsmith Flaw Allows Account Takeover.
PoC - https://github.com/appsmithorg/appsmith/security/advisories/GHSA-7hf5-mc28-xmcv
Hey Hunters,
DarkShadow is here, back again!
Hunting backups is an underestimated vulnerability that is missed by many bug bounty hunters.
Find API endpoints by reading JS or API documentation (if available). Then play with various request methods (e.g. GET, POST).
Also, you might use this simple and effective wordlist I've provided:
/api/v1/backup/create
/api/v1/backup/export
/api/v1/backup/download/{id}
/api/v1/backup/restore
/api/v1/backup/schedule
/api/v1/backup/config
/api/setup/backup
/api/admin/system/backup/run
/api/manage/backup/snapshot
/api/settings/maintenance/backup
/api/system/export-data
/api/db/backup/start
/api/db/dump
/api/v1/database/snapshot
/api/v1/sql/backup
/api/v1/storage/archive
/api/v1/sync/backup
/api/v1/volumes/{id}/snapshot
/api/v1/backups/checkpoints
Guys, I'll soon upload a detailed write-up about "Google Authenticator" workflow fundamentals and a chain reaction for bypassing it. Until then, show your love ❤️
#bugbountytips #missconfig
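Added example, not part of the original post: a defender-side check that turns a few of the wordlist templates above into patterns and audits web access logs for backup endpoints that answered without an authenticated user, or that one client tried with several HTTP methods. The function names, the sample log lines and the reading of "-" in the user field as "unauthenticated" are assumptions for illustration.

```python
import re
from collections import defaultdict

# A few templates from the post's wordlist; {id} matches one path segment.
WORDLIST = ["/api/v1/backup/create", "/api/v1/backup/download/{id}",
            "/api/db/dump", "/api/system/export-data",
            "/api/v1/volumes/{id}/snapshot"]

def to_regex(template):
    parts = [r"[^/]+" if p == "{id}" else re.escape(p) for p in template.split("/")]
    return re.compile("^" + "/".join(parts) + "/?$", re.I)

PATTERNS = [(t, to_regex(t)) for t in WORDLIST]
# Combined Log Format prefix: client, ident, user, [time], "METHOD target proto", status
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def audit(lines):
    """Return (kind, client, path_or_template) alerts for backup-style endpoints."""
    methods = defaultdict(set)          # (client, template) -> HTTP methods seen
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, user, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        for template, rx in PATTERNS:
            if not rx.match(path):
                continue
            methods[(client, template)].add(method)
            # Assumption: "-" in the user field means no authenticated identity.
            if status.startswith("2") and user == "-":
                alerts.append(("unauthenticated-success", client, path))
    for (client, template), seen in methods.items():
        if len(seen) > 1:
            alerts.append(("method-probing", client, template))
    return alerts

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2026:10:00:01 +0000] "GET /api/v1/backup/create HTTP/1.1" 405 0',
    '203.0.113.7 - - [10/Feb/2026:10:00:02 +0000] "POST /api/v1/backup/create HTTP/1.1" 401 0',
    '203.0.113.7 - - [10/Feb/2026:10:00:03 +0000] "GET /api/v1/backup/download/42?fmt=zip HTTP/1.1" 200 8812345',
    '198.51.100.9 - alice [10/Feb/2026:10:05:00 +0000] "POST /api/db/dump HTTP/1.1" 200 512',
    '198.51.100.9 - alice [10/Feb/2026:10:05:09 +0000] "GET /api/v1/users HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)
```

Token-authenticated APIs usually leave the user field empty, so in practice the authenticated identity has to come from an application log field instead.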
Proof of Concept for CVE-2026-23745: Arbitrary File Overwrite vulnerability in node-tar (versions < 7.5.3). - Jvr2022/CVE-2026-23745
100+ N8N Security workflow & automation
For Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.
https://github.com/0xSojalSec/n8n-Red-Blue-AppSec-workflows
#infosec #cybersec #bugbounty
Hey everyone! We've officially updated the Brut Security branding. We wanted something more minimal, eye-catching, and "cyber."
Check out the new orange-red glow. Does it hit the mark for you?
Drop a 🔥 if you love it, or let us know your thoughts in the comments!
Google released Net-NTLMv1 rainbow tables that enable cracking password hashes in under 12 hours using consumer hardware.
Brut Security pinned «A new Web Penetration Testing batch is starting next Tuesday at 4 PM IST. If you're interested, please DM me. Special discounts are available, including a student discount. The class language will be Bengali. DM on WhatsApp- +918945971332»
• Faster intel
• Cleaner signals
• Better targets
Hey Hunters,
DarkShadow is here, back again!
SQL injection in JSON endpoint
Always check JSON and JS endpoints for SQLi. Make sure you check for blind-based injections, because only blind-based injections are possible here.
#sqli #bugbountytips
To the Brut Security Community: Saraswati Puja is a celebration of learning, and in our field, learning never stops. May your curiosity be endless, your logic be sharp, and your thirst for knowledge lead you to mastery.
Wishing you a powerful and blessed Saraswati Puja. Let's keep building, keep breaking, and keep learning.
Bug Bounty Tip: Bypassing WAFs for Stored XSS via ASCII-Hex Encoded PDF Payloads
Many platforms allow users to upload PDFs that get previewed/rendered directly in the browser (often using libraries like PDF.js in Firefox, Chrome extensions, embedded viewers, or custom implementations).
A clever trick for Stored XSS (or Blind XSS variants):
1. Craft a classic XSS payload (e.g., one that executes alert(document.domain) or exfiltrates cookies/tokens).
2. Encode the entire malicious JavaScript as ASCII hex (each character → \xHH format).
3. Embed it inside a tiny/valid PDF structure that triggers execution during font/glyph rendering or object parsing in vulnerable PDF renderers.
4. Upload the PDF to a target feature that stores and previews user-uploaded documents (profile, reports, tickets, resumes, invoices, shared files, etc.).
5. When a victim (admin, user, or support) previews/opens the PDF in a vulnerable renderer → XSS fires in the context of the PDF viewer.
Key advantages:
- Many WAFs / upload filters / content scanners completely miss it because it's not a classic <script> or HTML - it's binary-ish PDF content with hex-encoded JS.
- Can be tuned for Stored → persistent until deleted.
- Can be adapted for Blind XSS → exfiltrate to your server instead of alert().
Real-world notes from hunters:
- Works especially well against PDF.js-based previews (Firefox default, many web apps embed it).
- Reference: Similar to behavior seen in CVE-2024-4367 (arbitrary JS exec in PDF.js via font handling path).
- Impact varies:
  - Self-XSS / low-priv user alert → usually P4-P5 or Informational.
  - Admin views it → potential session theft / higher severity (P2-P3 possible if you can prove escalation).
- Some programs reject pure alert() PoCs in sandboxed viewers (no cookie access in most cases) → demonstrate real impact (e.g., redirect, keylogger, token exfil) or target-specific quirks.
- Pro tip: Test on your primary programs that have PDF preview/generation features - many still do!
Resources to start:
- Repo with example payloads: https://github.com/orwagodfather/XSS-Payloads
- Edit payloads easily in Notepad++ (hex view or find/replace).
Happy hunting - stay ethical & report responsibly!
Photo Credit- Orwa
#bugbountytip #bugbounty #xss #websecurity #pdfxss
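Added example, not part of the original post: the post says upload filters miss script text because it is hex-encoded, so this sketch of an upload-side scanner normalises three encodings (PDF name #HH escapes, PDF <...> hex strings and \xHH escapes) before matching. The key list, the script-hint pattern and the two byte fragments are assumptions constructed for illustration.

```python
import re

# Keys that make a PDF "active" when a viewer renders it.
ACTIVE_KEYS = {"JavaScript", "JS", "OpenAction", "AA", "Launch"}
SCRIPT_HINT = re.compile(rb"alert\s*\(|eval\s*\(|fetch\s*\(|document\.|<script", re.I)

def _unhex(m):
    """Regex callback: two captured hex digits -> the byte they encode."""
    return bytes([int(m.group(1), 16)])

def decode_name(raw):
    """Undo #HH escapes in a PDF name, e.g. b'J#53' -> 'JS'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", _unhex, raw).decode("latin-1")

def decode_hex_string(raw):
    """Decode the body of a <...> hex string; an odd final digit is padded with 0."""
    digits = re.sub(rb"\s+", b"", raw)
    if len(digits) % 2:
        digits += b"0"
    return bytes.fromhex(digits.decode("ascii"))

def scan_pdf(data):
    """Return sorted findings for uncompressed PDF bytes."""
    findings = set()
    for m in re.finditer(rb"/([A-Za-z0-9#]+)", data):
        name = decode_name(m.group(1))
        if name in ACTIVE_KEYS:
            prefix = "obfuscated " if b"#" in m.group(1) else ""
            findings.add(prefix + "active key /" + name)
    # Hex strings only: skip the << and >> that delimit dictionaries.
    for m in re.finditer(rb"(?<!<)<([0-9A-Fa-f\s]+)>(?!>)", data):
        if SCRIPT_HINT.search(decode_hex_string(m.group(1))):
            findings.add("script text in hex string")
    unescaped = re.sub(rb"\\x([0-9A-Fa-f]{2})", _unhex, data)
    if SCRIPT_HINT.search(data):
        findings.add("script text in clear")
    elif SCRIPT_HINT.search(unescaped):
        findings.add("script text behind \\xHH escapes")
    return sorted(findings)

# Constructed fragments for illustration, not complete PDF files.
BENIGN = b"1 0 obj\n<< /Type /Catalog /Title <48656c6c6f> >>\nendobj\n"
SUSPECT = (b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
           b"2 0 obj\n<< /S /J#61vaScript /J#53 <616c657274283129> >>\nendobj\n"
           b"3 0 obj\n(\\x61\\x6c\\x65\\x72\\x74\\x28\\x31\\x29)\nendobj\n")

if __name__ == "__main__":
    print(scan_pdf(BENIGN))
    print(scan_pdf(SUSPECT))
```

Compressed streams have to be inflated before scanning, since this sketch only sees what is visible in the raw bytes. Keeping the embedded viewer patched and serving previews from a sandboxed origin remain the primary controls.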