Brut Security
15.9K subscribers
1.06K photos
92 videos
300 files
1.14K links
βœ…DM: @wtf_brut
πŸ›ƒWhatsApp: https://wa.link/brutsecurity
🈴Training: https://brutsecurity.com
πŸ“¨Mail: info@brutsec.com
Download Telegram
This media is not supported in your browser
VIEW IN TELEGRAM
πŸ’₯TORLINK: A torrent finder that runs right from your terminal with zero setup and nothing to configure.

One search checks a small curated list of sources at once. Pick what you want, and it downloads directly to your computer.

GitHub: https://github.com/baairon/torlink
❀6πŸ‘1
This media is not supported in your browser
VIEW IN TELEGRAM
πŸ”₯ Chrome RCE PoC: CVE-2026-6307

A working renderer RCE Proof of Concept for CVE-2026-6307 β€” a V8 type-confusion bug (JS-to-Wasm deoptimization) patched in Chrome 147.0.7727.101.

βœ… Full primitives (addrof/fakeobj, out-of-cage, in-cage r/w)
βœ… No-ASLR RCE that patches JIT code to pop xcalc
βœ… Based on Nebula Security writeup
βœ… Heavily improved with frontier LLMs + human direction (4-day experiment)

This is renderer-only and still far from fully weaponized, but great for learning and research.

πŸ“₯ PoC + scripts:
https://github.com/0xsha/CVE-2026-6307

#Chrome #V8 #Exploit #CVE #SecurityResearch
❀3πŸ”₯2
☺️Your support keeps me motivated to share more valuable content! If you found this helpful, drop a like & send stars ⭐ to help me keep going.

πŸ’¬ For queries, message me on Telegram: @wtf_brut
πŸŽ“ For course enrollment, reach out on WhatsApp: wa.link/brutsecurity
1❀5πŸ‘3
🚨 [codeb0ss] β€” The Biggest CVE PoCs & Exploitation Channel on Telegram 🚨

[codeb0ss] is the largest and most dedicated Telegram channel focused entirely on real CVEs and professional Proof-of-Concept exploitation, built through more than six years of continuous hard work, research, and real-world experience in offensive security.

This channel exists for one purpose only: to publish long, high-quality, Python-based exploitation PoCs that explain how vulnerabilities truly work, from the root cause to full exploitation, without shortcuts, reposts, or shallow demonstrations.

Inside [codeb0ss], you will find an ever-growing archive of CVE-2025 and CVE-2026 PoCs, covering web applications, plugins, frameworks, logic flaws, authentication bypasses, remote code execution, privilege escalation, and complex vulnerability chains that reflect real attack scenarios seen in the wild.

Unlike typical channels that repost incomplete scripts or broken examples, every PoC published in [codeb0ss] is written with depth, clarity, and purpose, focusing on exploit logic, reliability, and practical understanding. The goal is not only to show that a vulnerability exists, but to teach how exploitation is designed, developed, and executed using clean, structured, and reusable Python code.

[codeb0ss] represents years of persistence, learning, failure, reverse engineering, and refinement. It is a channel created for security researchers, penetration testers, red teamers, bug hunters, and serious learners who value knowledge over noise and skill over hype.

All content is shared strictly for educational and informational purposes, with no harmful intentions, and with a strong emphasis on responsible learning and technical mastery.

If you are looking for the biggest, most serious, and most experienced CVE PoCs channel on Telegram, built on six years of real work and continuous contribution, then [codeb0ss] is the place to be.

πŸ‘‰ Join [codeb0ss] β€” where real CVEs become real understanding
πŸ”— https://t.me/thecodeb0ss

#AD
❀5πŸ”₯1
Forwarded from Brut Security (Saumadip Mandal)
157 Methods for Privilege Escalation (WindowsLinuxMacos) PDF.pdf
84.9 MB
πŸ‘8❀3🀝2
Something is coming soon. Stay Tuned!☠️
Please open Telegram to view this post
VIEW IN TELEGRAM
❀4
Brut Security pinned Deleted message
Please do share and like . Thanks πŸ™β€οΈ
Please open Telegram to view this post
VIEW IN TELEGRAM
❀3πŸ‘1πŸ”₯1
πŸ”₯ Just dropped β€” 2026 Bug Bounty Guide

I rewrote everything from scratch.
Not an update. A complete rebuild for how bug bounty actually works right now.

πŸ”– 86 pages. 25 chapters. Built on real data.

🟒What's inside:
β†’ The AI shift β€” what it means for your bounties
β†’ Full recon workflow (subfinder β†’ puredns β†’ httpx β†’ nuclei)
β†’ Every major vuln class with payloads β€” XSS, SSRF, IDOR, SSTI, SQLi, LFI, XXE
β†’ LLM & AI attack surface β€” prompt injection, MCP, indirect injection
β†’ WAF bypass techniques for CloudFlare, Akamai, AWS
β†’ 9 real HackerOne reports β€” PayPal $18,900 Β· Dropbox $17,576 Β· GitLab $12K Β· HackerOne $20K
β†’ Full payload cheatsheet you'll actually use mid-hunt
β†’ A-to-Z methodology checklist
β†’ Cloud security β€” AWS SSRF, S3, IAM escalation
β†’ Mobile app testing (Android + iOS)
β†’ Career roadmap from first VDP to private programs

πŸ”— https://topmate.io/saumadip/2187710

β€” Saumadip | Brut Security
@brutsecurity
Please open Telegram to view this post
VIEW IN TELEGRAM
❀6
The open-source AI pentesting tool. Autonomous AI hackers that find and fix your app’s vulnerabilities.

Resource: github.com/usestrix/strix
πŸ‘4❀3
🚨T3MP3ST - A multi-agent offensive-security framework, built to turn the AI coding agent you already run into a zero-day hunter.

⭐️Credit/Source: https://github.com/elder-plinius/T3MP3ST
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”₯6❀3πŸ‘1
πŸš€ Admissions Open | Upcoming Cybersecurity Batches

Enrollment is now open for our upcoming batches:

β€’ Web Penetration Testing
β€’ Bug Bounty Hunting
β€’ Ethical Hacking
β€’ VAPT (Vulnerability Assessment & Penetration Testing)

What you'll get:
βœ… Live practical sessions
βœ… Real-world labs
βœ… Industry methodology
βœ… Mentor support
βœ… Certificate on completion

πŸŽ“ Student Discount Available (Limited Time)

πŸ“© DM to enroll or visit: http://wa.link/brutsecurity
❀2πŸ”₯1
πŸ’₯ KeyHunter: A fast Rust tool for finding leaked API keys across public GitHub repos.

It supports 45+ providers and can verify which exposed secrets are still active.

GitHub: https://github.com/fadidevv/keyhunter
πŸ‘2❀1
dnsx is a fast and multi-purpose DNS toolkit designed for running various probes through the retryabledns library. It supports multiple DNS queries, user supplied resolvers, DNS wildcard filtering like shuffledns etc.

Resource: https://github.com/projectdiscovery/dnsx
❀6πŸ‘3
A full-chain exploit dubbed β€œIonStack” demonstrates how a single malicious URL click can hand attackers complete control over an Android device

Credit/Source: https://cybersecuritynews.com/android-17-root-1-click
πŸ‘4❀2