Brut Security
15.9K subscribers
1.06K photos
92 videos
300 files
1.14K links
โœ…DM: @wtf_brut
๐Ÿ›ƒWhatsApp: https://wa.link/brutsecurity
๐ŸˆดTraining: https://brutsecurity.com
๐Ÿ“จMail: info@brutsec.com
Download Telegram
๐Ÿš€ Admissions Open | Upcoming Cybersecurity Batches

Enrollment is now open for our upcoming batches:

โ€ข Web Penetration Testing
โ€ข Bug Bounty Hunting
โ€ข Ethical Hacking
โ€ข VAPT (Vulnerability Assessment & Penetration Testing)

What you'll get:
โœ… Live practical sessions
โœ… Real-world labs
โœ… Industry methodology
โœ… Mentor support
โœ… Certificate on completion

๐ŸŽ“ Student Discount Available (Limited Time)

๐Ÿ“ฉ DM to enroll or visit: http://wa.link/brutsecurity
โค2๐Ÿ”ฅ1
๐Ÿ’ฅ KeyHunter: A fast Rust tool for finding leaked API keys across public GitHub repos.

It supports 45+ providers and can verify which exposed secrets are still active.

GitHub: https://github.com/fadidevv/keyhunter
๐Ÿ‘2โค1
dnsx is a fast and multi-purpose DNS toolkit designed for running various probes through the retryabledns library. It supports multiple DNS queries, user supplied resolvers, DNS wildcard filtering like shuffledns etc.

Resource: https://github.com/projectdiscovery/dnsx
โค6๐Ÿ‘3
A full-chain exploit dubbed โ€œIonStackโ€ demonstrates how a single malicious URL click can hand attackers complete control over an Android device

Credit/Source: https://cybersecuritynews.com/android-17-root-1-click
๐Ÿ‘4โค2
This media is not supported in your browser
VIEW IN TELEGRAM
PenTesting Agent : is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

red team ops, Automated recon & exploitation, smart task trees, multi-agent collab, and seamless tool chaining like Nmap, Metasploit, SQLMap, Amass etc

https://github.com/GH05TCREW/pentestagent
๐Ÿ”ฅ7โค2
SQL injection.pdf
599.4 KB
๐ŸšจSQL Injection Cheat Sheet
โค6๐Ÿ‘3
This media is not supported in your browser
VIEW IN TELEGRAM
๐ŸงGhostLock (CVE-2026-43499): a 15-year-old Linux kernel vulnerability that affects every distribution. Desktop, server, Android, IoT, embedded. $92,337 Google kernelCTF bounty.

A stack-UAF in the rtmutex subsystem. remove_waiter() uses current instead of waiter::task during proxy-lock rollback in futex_requeue(), leaving a dangling pointer to freed kernel stack memory. No special kernel modules needed, only CONFIG_FUTEX_PI which is enabled on every distro.

Nebula Security (NebuSec) turned it into a 97% stable privilege escalation and container escape. The exploit chains a dangling pointer into an arbitrary address write, hijacks a function table for control flow, and achieves root in about 5 seconds. Found by VEGA, their AI vulnerability scanner.

Part of IonStack, the first browser-to-kernel full-chain RCE on Android 17: CVE-2026-10702 (Firefox IonMonkey JIT 0-day, near 100% success rate) chained with GhostLock for kernel LPE.

Present since Linux 2.6.39 (2011). Fixed in Linux 7.1. Full exploit code published on GitHub.


Exploit:

https://github.com/NebuSec/CyberMeowfia/tree/main/IonStack/CVE-2026-43499
โค2๐Ÿ‘1๐Ÿ—ฟ1
This media is not supported in your browser
VIEW IN TELEGRAM
The feeling of relief ๐Ÿ˜ฎโ€๐Ÿ’จ
โค2๐Ÿณ2๐Ÿ˜1
This media is not supported in your browser
VIEW IN TELEGRAM
๐Ÿ’ฅFeroxbuster: A fast recursive content discovery tool written in Rust.

Built for finding hidden files, directories, and endpoints using wordlists, with support for recursion, filters, extensions, headers, proxies, and more.

GitHub: https://github.com/epi052/feroxbuster
โค5๐Ÿ‘3
Brut Security pinned ยซBug Bounty Guide 2026 is now available at 1$ and 5 Free Coupon https://topmate.io/saumadip/2187710?coupon_code=awxeaยป
โค5
redacted_demo.svg
376.4 KB
๐ŸšจZomato Contact Recommendation Data Exposure (PoC)

This tool demonstrates a privacy issue in Zomato's contact recommendation feature. By syncing a target phone number, the following data can be retrieved without the target's explicit consent (provided they have "Recommend to friends" enabled):

๐Ÿ˜ฎhttps://github.com/jatin-dot-py/zomato-intelligence
Please open Telegram to view this post
VIEW IN TELEGRAM
โค3
โค8
Forwarded from Brut Security 2.0
Cybersecurity Tools Collection (Pentesting โ€ข Recon โ€ข Web Security โ€ข Network Analysis) ๐Ÿ’€

Download Link : https://drive.google.com/drive/u/0/mobile/folders/1lGnd9YAzE5-Nes8NAsDDMpd-Aq3GES3p
โค2๐Ÿ‘2