Hey everyone!
A big, warm welcome to all our new members! And to our amazing long-time supporters, thank you for sticking around and making this community what it is today!
If you've been finding value in the bug bounty updates, cybersecurity tips, and job opportunities I share, I'd truly appreciate your support. ⭐ You can boost or give a star to Brut Security - it keeps me motivated to keep delivering the best content for you all!
Thanks for being such an incredible community. Your encouragement means everything! ❤️
"https://target.com" send_keys
"https://target.com" password
"https://target.com" api_key
"https://target.com" apikey
"https://target.com" jira_password
"https://target.com" root_password
"https://target.com" access_token
"https://target.com" config
"https://target.com" client_secret
"https://target.com" user auth
It's been a while! How's everyone doing? Let me know what resources you need in cybersecurity. Please note, no requests for pirated material.
S3 Bucket Recon
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
BGPView for Reconnaissance
© Yasin
- Get ASN Information
curl -s "https://api.bgpview.io/asn/AS12345" | jq
- Enumerate IP Prefixes for an ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq '.data.ipv4_prefixes[] | .prefix'
- Retrieve IP Address Details
curl -s "https://api.bgpview.io/ip/8.8.8.8" | jq
- Search ASN, IP, or Domain Together
curl -s "https://api.bgpview.io/search?query=example.com" | jq '.data'
- Upstreams
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq
- Upstreams [ IPv4 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv4_upstreams[] | {asn, name, description, country: .country_code}'
- Upstreams [ IPv6 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv6_upstreams[] | {asn, name, description, country: .country_code}'
- All Peers
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code})'
- Extract ASN Prefixes with Peer Details
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code, prefix: .prefix})'
- Downstreams
curl -s "https://api.bgpview.io/asn/AS12345/downstreams" | jq
- Subdomain Enumeration from ASN
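curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq -r '.data.ipv4_prefixes[].prefix' | while read -r prefix; do
  # dig -x takes a single address, so strip the /mask and look up the network address
  dig +short -x "${prefix%/*}"
done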
- Query ASN by Organization Name
curl -s "https://api.bgpview.io/search?query=google" | jq '.data.asns[] | {asn, name, description}'
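A defensive use of the prefix query above, as an added example that is not part of the original post: it diffs the prefixes an ASN announces against an internal asset inventory and reports ranges nobody is tracking. The sample response and the inventory are constructed (documentation ranges), and the names SAMPLE_RESPONSE, INVENTORY, announced_prefixes and untracked are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample shaped like the /asn/<ASN>/prefixes response queried above
# (documentation ranges only; not real BGPView output).
SAMPLE_RESPONSE = json.dumps({
    "status": "ok",
    "data": {
        "ipv4_prefixes": [
            {"prefix": "192.0.2.0/24", "name": "EXAMPLE-CORP"},
            {"prefix": "198.51.100.0/25", "name": "EXAMPLE-DMZ"},
            {"prefix": "203.0.113.0/24", "name": "EXAMPLE-LEGACY"},
        ],
        "ipv6_prefixes": [
            {"prefix": "2001:db8:100::/48", "name": "EXAMPLE-V6"},
        ],
    },
})

# Hypothetical internal asset inventory (CIDRs the security team already tracks).
INVENTORY = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]


def announced_prefixes(response_text):
    """Return every announced prefix (IPv4 and IPv6) as ip_network objects."""
    data = json.loads(response_text).get("data") or {}
    rows = (data.get("ipv4_prefixes") or []) + (data.get("ipv6_prefixes") or [])
    return [ipaddress.ip_network(r["prefix"], strict=False) for r in rows]


def untracked(announced, inventory):
    """Prefixes announced in BGP that no inventory range fully covers."""
    known = [ipaddress.ip_network(c, strict=False) for c in inventory]
    gaps = []
    for net in announced:
        # subnet_of() raises on mixed IP versions, so compare versions first.
        covered = any(net.version == k.version and net.subnet_of(k) for k in known)
        if not covered:
            gaps.append(str(net))
    return gaps


if __name__ == "__main__":
    for prefix in untracked(announced_prefixes(SAMPLE_RESPONSE), INVENTORY):
        print("announced but not in inventory:", prefix)
```

To run it on live data, save the curl output for your own ASN to a file and pass its contents to announced_prefixes().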
CVE-2024-52052, -053, -054, -055, -056: Multiple vulnerabilities in Wowza Streaming Engine, 5.1 - 9.4 rating
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
Link: https://nt.ls/8BudC
Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
1. Go to chrome://extensions
2. Turn on Developer mode
3. Copy the extension ID
4. Go to ~/Library/Application Support/Google/Chrome/Default/Extensions
5. Find the matching ID then find the manifest.json file!
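Steps 4 and 5 as a script, added here as an example and not part of the original post: it picks the newest version folder for an extension ID, reads its manifest.json, and lists the permissions and host patterns it declares. The BROAD shortlist, the function names and the sample extension tree are assumptions constructed for this example.

```python
import json
import re
import tempfile
from pathlib import Path

# Editor's shortlist of grants that deserve review (an assumption, not a Chrome list).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "tabs", "cookies", "webRequest", "history", "nativeMessaging", "debugger"}


def find_manifest(extensions_dir, ext_id):
    """Step 5: newest version folder under <Extensions>/<ID> that has a manifest.json."""
    ext_dir = Path(extensions_dir) / ext_id
    if not ext_dir.is_dir():
        return None
    versions = [d for d in ext_dir.iterdir() if (d / "manifest.json").is_file()]
    if not versions:
        return None
    # Folder names look like "1.10.0_0"; compare numerically, not as strings.
    newest = max(versions, key=lambda d: [int(n) for n in re.findall(r"\d+", d.name)])
    return newest / "manifest.json"


def review(manifest_path):
    """Collect declared API and host grants and flag the broad ones."""
    m = json.loads(Path(manifest_path).read_text(encoding="utf-8-sig"))
    grants = list(m.get("permissions", [])) + list(m.get("host_permissions", []))
    for script in m.get("content_scripts", []):
        grants += script.get("matches", [])
    grants = sorted({g for g in grants if isinstance(g, str)})
    return {"name": m.get("name"), "version": m.get("version"),
            "grants": grants, "broad": [g for g in grants if g in BROAD]}


def build_sample(root, ext_id="abcdefghijklmnopabcdefghijklmnop"):
    """Constructed Extensions tree with two versions of one made-up extension."""
    for ver, perms in (("1.9.0_0", ["storage"]), ("1.10.0_0", ["storage", "cookies"])):
        d = Path(root) / ext_id / ver
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({
            "manifest_version": 3, "name": "Sample Helper", "version": ver.split("_")[0],
            "permissions": perms, "host_permissions": ["https://*/*"],
            "content_scripts": [{"matches": ["https://example.com/*"], "js": ["c.js"]}]}))
    return ext_id


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(review(find_manifest(tmp, build_sample(tmp))))
```

On a real machine, pass the Extensions path from step 4 (expanded with Path.home()) and the ID copied in step 3 to find_manifest().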
CVE-2024-8932, -8929, -11233, -11236, -11234: Multiple vulnerabilities in PHP, 4.8 - 9.8 rating
Five vulnerabilities in some PHP versions, which allow attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More than 700k instances at Netlas.io:
Link 1 (tag, more precisely): https://nt.ls/yIHH8
Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
Black Friday & Cyber Monday Discount at Netlas
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subscriptions for both monthly and annual billing cycles!
The best part? This isn't just a one-time discount - it's your forever price as long as your subscription remains active or until base prices are reconsidered
All you need to claim your forever discount is the code: BFCM2024.
Learn more here: https://nt.ls/2WiQ0
CyberWarFare Labs is offering 90% OFF for some of its certifications, perfect especially for those looking for their first certification or to improve your skills. I highly recommend it, especially if you want an affordable option for certifications.
#NotAPaidPromotion