Brut Security | March 2026 - Enrollments Open
Ready to step into cybersecurity the right way?
Courses Available
• Ethical Hacking
• Web Penetration Testing
• Bug Bounty Hunting
• SOC / SIEM (Blue Team)
Live training + practical labs
Real-world attack & defense mindset
Limited seats only
Batch Starts: February 2026
If you're serious about skills, not certificates - this is for you.
DM Brut Security to enroll
Hey Hunter,
DarkShadow here back again!
Sensitive Information Leak via API call
Severity: 9.1
From /api/contact, an unauthenticated user can view all the private messages, which can only be shown from the Admin Panel.
Tip:
Always collect /api/ endpoints and try GET, POST, etc. methods.
If you guys really enjoy reading such methods, react ❤️
BB Tip: Finding Potential SSRF Endpoints During Recon
SSRF often hides in plain sight. Many applications accept URLs or file paths as parameters, and those become prime targets.
A simple trick during recon is mining historical URLs and filtering parameters that typically fetch remote resources.
Example workflow:
echo "target.com" | waybackurls | grep -E "url=|uri=|path=|dest=|redirect=|window=|next=|target=|file=|html=|data=|reference="
What this does:
• Pulls archived endpoints from Wayback Machine
• Filters parameters commonly used for external requests
• Helps you quickly identify SSRF-like parameters
You will often find endpoints like:
/showimage.php?file=
/redirect?url=
/api/fetch?uri=
/download?path=
Once you find them, start testing with payloads such as:
http://127.0.0.1
http://169.254.169.254
http://burp-collaborator
If the server makes the request on your behalf, you might have an SSRF.
Small recon tricks like this save hours of manual hunting.
#bugbounty #bugbountytips #ssrf #recon #pentesting #cybersecurity
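A defender-side counterpart to the tip above, added here as an example and not part of the original post: it scans web access logs for requests where one of the parameter names from the grep pattern carries a loopback, link-local or private address. The log lines are constructed samples and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the grep pattern in the post above.
SSRF_PARAMS = {"url", "uri", "path", "dest", "redirect", "window",
               "next", "target", "file", "html", "data", "reference"}

# Constructed access-log lines, for illustration only.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2026:10:01:02 +0000] "GET /redirect?url=https%3A%2F%2Fexample.org%2Fhome HTTP/1.1" 302 0
203.0.113.9 - - [12/Mar/2026:10:01:05 +0000] "GET /api/fetch?uri=http://169.254.169.254/ HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2026:10:01:09 +0000] "GET /showimage.php?file=http://127.0.0.1 HTTP/1.1" 200 48
198.51.100.4 - - [12/Mar/2026:10:02:00 +0000] "GET /download?path=report.pdf HTTP/1.1" 200 9001
198.51.100.4 - - [12/Mar/2026:10:02:11 +0000] "GET /api/fetch?uri=http://localhost:8080/admin HTTP/1.1" 403 0
'''

REQUEST_RE = re.compile(
    r'^(\S+) .*?"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def is_internal_target(value):
    """True if value is a URL whose host is loopback, link-local or private."""
    try:
        host = urlsplit(value).hostname
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return False
    if not host:
        return False            # plain file name or relative path
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False            # a DNS name; resolving it is out of scope here
    return ip.is_loopback or ip.is_link_local or ip.is_private

def find_ssrf_probes(log_text):
    """Return (client, path, param, value, status) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query):
            if name.lower() in SSRF_PARAMS and is_internal_target(value):
                hits.append((client, parts.path, name, value, status))
    return hits
```

A 200 response on a flagged request is the case to triage first, since it suggests the server actually performed the fetch.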
Claude Bug Bounty Hunter - Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation
https://github.com/shuvonsec/claude-bug-bounty
FREE for the first 20 people - no catch.
I just launched the Bug Bounty Masterclass PDF on Topmate.
Built for absolute beginners. No fluff. No theory for the sake of theory. Just the exact process real hunters use.
FIRST 20 GET IT FREE
Use coupon code: 1awe
https://topmate.io/saumadip/2009859?coupon_code=1awe
Share with anyone learning cybersecurity
- Saumadip | Brut Security
@brutsecurity
CVE-2026-25769 - Remote Code Execution via Insecure Deserialization in Wazuh Cluster
https://github.com/hakaioffsec/CVE-2026-25769
Eid Mubarak!
May this Eid bring peace, happiness, and endless blessings to you and your loved ones
~DarkShadow
Check it out!
https://github.com/gh0stkey/Web-Fuzzing-Box
Hey Hunters,
DarkShadow is here back again!
LFI via misconfigured image parameter
> In most cases hackers only test for blind SSRF in the image handler parameter.
But if you test the right payload it can disclose many hidden bugs!
So guys, if you enjoy reading such methods, show your love ❤️
#bugbountytips #lfi
The terminal doesn't lie. Neither does this guide. Bug Bounty Masterclass is live - 11 chapters, real HackerOne PoCs, step-by-step recon workflow. First 20 get it FREE. Code: 1awe https://topmate.io/saumadip/2009859?coupon_code=1awe
XPFarm - An open-source vulnerability scanner that wraps well-known open-source security tools behind a single web UI.
Download: https://github.com/canuk40/xpfarm/
#CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity
Phantom - Autonomous AI Red Team Agent
LLM-Powered Offensive Security Automation Framework
https://github.com/kmdn-ch/phantom-ethical-redteam
10 Free Coupons - https://topmate.io/saumadip/2009859?coupon_code=awxe
topmate.io
Bug Bounty Masterclass with Saumadip Mandal
Beginner to bug bounty hunter - tools, recon & real PoCs.