This media is not supported in your browser
VIEW IN TELEGRAM
PenTesting Agent : is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
red team ops, Automated recon & exploitation, smart task trees, multi-agent collab, and seamless tool chaining like Nmap, Metasploit, SQLMap, Amass etc
https://github.com/GH05TCREW/pentestagent
red team ops, Automated recon & exploitation, smart task trees, multi-agent collab, and seamless tool chaining like Nmap, Metasploit, SQLMap, Amass etc
https://github.com/GH05TCREW/pentestagent
๐ฅ7โค2
This media is not supported in your browser
VIEW IN TELEGRAM
๐งGhostLock (CVE-2026-43499): a 15-year-old Linux kernel vulnerability that affects every distribution. Desktop, server, Android, IoT, embedded. $92,337 Google kernelCTF bounty.
https://github.com/NebuSec/CyberMeowfia/tree/main/IonStack/CVE-2026-43499
A stack-UAF in the rtmutex subsystem. remove_waiter() uses current instead of waiter::task during proxy-lock rollback in futex_requeue(), leaving a dangling pointer to freed kernel stack memory. No special kernel modules needed, only CONFIG_FUTEX_PI which is enabled on every distro.
Nebula Security (NebuSec) turned it into a 97% stable privilege escalation and container escape. The exploit chains a dangling pointer into an arbitrary address write, hijacks a function table for control flow, and achieves root in about 5 seconds. Found by VEGA, their AI vulnerability scanner.
Part of IonStack, the first browser-to-kernel full-chain RCE on Android 17: CVE-2026-10702 (Firefox IonMonkey JIT 0-day, near 100% success rate) chained with GhostLock for kernel LPE.
Present since Linux 2.6.39 (2011). Fixed in Linux 7.1. Full exploit code published on GitHub.
Exploit:
https://github.com/NebuSec/CyberMeowfia/tree/main/IonStack/CVE-2026-43499
โค2๐1๐ฟ1
10 Free Coupons for Bug Bounty Guide https://topmate.io/saumadip/2187710?coupon_code=joomla
10 Free Coupons for Bug Bounty Masterclass https://topmate.io/saumadip/2009859?coupon_code=joomla
10 Free Coupons for Bug Bounty Masterclass https://topmate.io/saumadip/2009859?coupon_code=joomla
topmate.io
Bug Bounty Guide 2026 with Saumadip Mandal
Master modern bug bounty hunting with 86 pages, 25 chapter
๐ข4โค1๐1
This media is not supported in your browser
VIEW IN TELEGRAM
The feeling of relief ๐ฎโ๐จ
โค2๐ณ2๐1
This media is not supported in your browser
VIEW IN TELEGRAM
๐ฅFeroxbuster: A fast recursive content discovery tool written in Rust.
Built for finding hidden files, directories, and endpoints using wordlists, with support for recursion, filters, extensions, headers, proxies, and more.
GitHub: https://github.com/epi052/feroxbuster
Built for finding hidden files, directories, and endpoints using wordlists, with support for recursion, filters, extensions, headers, proxies, and more.
GitHub: https://github.com/epi052/feroxbuster
โค5๐3
Bug Bounty Guide 2026 is now available at 1$
and
5 Free Coupon https://topmate.io/saumadip/2187710?coupon_code=awxea
and
5 Free Coupon https://topmate.io/saumadip/2187710?coupon_code=awxea
topmate.io
Bug Bounty Guide 2026 with Saumadip Mandal
Master modern bug bounty hunting with 86 pages, 25 chapter
โค2๐1
Brut Security pinned ยซBug Bounty Guide 2026 is now available at 1$ and 5 Free Coupon https://topmate.io/saumadip/2187710?coupon_code=awxeaยป
redacted_demo.svg
376.4 KB
This tool demonstrates a privacy issue in Zomato's contact recommendation feature. By syncing a target phone number, the following data can be retrieved without the target's explicit consent (provided they have "Recommend to friends" enabled):
Please open Telegram to view this post
VIEW IN TELEGRAM
โค3
Forwarded from Brut Security 2.0
Cybersecurity Tools Collection (Pentesting โข Recon โข Web Security โข Network Analysis) ๐
Download Link : https://drive.google.com/drive/u/0/mobile/folders/1lGnd9YAzE5-Nes8NAsDDMpd-Aq3GES3p
Download Link : https://drive.google.com/drive/u/0/mobile/folders/1lGnd9YAzE5-Nes8NAsDDMpd-Aq3GES3p
โค2๐2
Bug Bounty Masterclass 2026 10 Free Coupons https://topmate.io/saumadip/2009859?coupon_code=awxe
topmate.io
Bug Bounty Masterclass 2026 with Saumadip Mandal
Beginner to bug bounty hunter โ tools, recon & real PoCs.
๐ฅ2โค1๐1
Media is too big
VIEW IN TELEGRAM
โผ๏ธ CVE-2025-26529: Moodle XSS to RCE Exploit
GitHub: https://github.com/Astroo18/PoC-CVE-2025-26529
GitHub: https://github.com/Astroo18/PoC-CVE-2025-26529
โค2๐1
Media is too big
VIEW IN TELEGRAM
Hey Hunter's,
DarkShadow is here back again!
(Sorry for the long delay, I was really too busy with my projects)
you can find vulnerabilities in chrome extensions!
even you can use this dork to find you target company extensions:
replace the nasa.gov to your target domain.
so guy's if you really love to read my methods follow me x.com/darkshadow2bd
#bugbountytips
DarkShadow is here back again!
(Sorry for the long delay, I was really too busy with my projects)
you can find vulnerabilities in chrome extensions!
All of your Chrome extensions are downloaded to your local storage. You can analyze them to find various vulnerabilities, and sometimes they contain sensitive API keys and tokens.
even you can use this dork to find you target company extensions:
site:chromewebstore.google.com "nasa.gov"
replace the nasa.gov to your target domain.
so guy's if you really love to read my methods follow me x.com/darkshadow2bd
#bugbountytips
โค4๐ฅ2๐1
Please open Telegram to view this post
VIEW IN TELEGRAM
topmate.io
Bug Bounty Guide 2026 with Saumadip Mandal
Master modern bug bounty hunting with 86 pages, 25 chapter