Please open Telegram to view this post
VIEW IN TELEGRAM
๐4
CVE-2024-11667: Directory Traversal in Zyxel Firewalls, 7.3 ratingโ๏ธ
A vulnerability in the web interface of some firewalls allows an attacker to download or upload files using a special URL.
Search at Netlas.io:
๐ Link: https://nt.ls/agozE
๐ Dork: http.favicon.hash_sha256:9a02f3cf948f9409c25070f2f057b69dda5d0aaf7fa8d056552e8bda8295ca1f
Vendor's advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
A vulnerability in the web interface of some firewalls allows an attacker to download or upload files using a special URL.
Search at Netlas.io:
๐ Link: https://nt.ls/agozE
๐ Dork: http.favicon.hash_sha256:9a02f3cf948f9409c25070f2f057b69dda5d0aaf7fa8d056552e8bda8295ca1f
Vendor's advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
๐9โค1๐ฟ1
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐3๐ฅ2โค1
This media is not supported in your browser
VIEW IN TELEGRAM
โItโs the 1st of December Again!โ
Another year is slipping by, but guess what? Thereโs still a whole month left to make it count. For all the bug hunters out there, this is your sign to look back and appreciate how far youโve comeโand to push even harder.
Remember that first bounty? That late-night rush when you cracked a tough challenge? The time you got that โValid Vulnerabilityโ email that made the sleepless nights worth it?
Bug bounty is a journey. Itโs a grind, a game of patience, persistence, and passion. Itโs about falling in love with the processโof learning, breaking, fixing, and growing.
If youโre stuck or frustrated, donโt let it define you. Learn from your misses, keep reading, practicing, and hunting. The next breakthrough might be just a scan, payload, or overlooked endpoint away.
December is the perfect month to reflect and refocus. Write those reports, finish that pending recon, or master a new skill. Close the year knowing you gave it your all.
Letโs finish this year strong, hunters. The worldโs full of bugs waiting to be squashedโand the next one could be yours.
โ๏ธBrutSecurity
#KeepHunting #BugBountyLife #1stDecemberMomentum
Another year is slipping by, but guess what? Thereโs still a whole month left to make it count. For all the bug hunters out there, this is your sign to look back and appreciate how far youโve comeโand to push even harder.
Remember that first bounty? That late-night rush when you cracked a tough challenge? The time you got that โValid Vulnerabilityโ email that made the sleepless nights worth it?
Bug bounty is a journey. Itโs a grind, a game of patience, persistence, and passion. Itโs about falling in love with the processโof learning, breaking, fixing, and growing.
If youโre stuck or frustrated, donโt let it define you. Learn from your misses, keep reading, practicing, and hunting. The next breakthrough might be just a scan, payload, or overlooked endpoint away.
December is the perfect month to reflect and refocus. Write those reports, finish that pending recon, or master a new skill. Close the year knowing you gave it your all.
Letโs finish this year strong, hunters. The worldโs full of bugs waiting to be squashedโand the next one could be yours.
โ๏ธBrutSecurity
#KeepHunting #BugBountyLife #1stDecemberMomentum
2๐14โค5๐ฟ3
Exploit AWS metadata & user data access in Bug Bounty & CTF challenges!
๐ https://github.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF
#BugBounty #bugbountytip
๐ https://github.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF
#BugBounty #bugbountytip
๐9
๐Ex-param - an automated tool designed for finding reflected parameters for XSS vulnerabilities
โ https://github.com/rootDR/ex-param
โ https://github.com/rootDR/ex-param
โค7๐3๐ฟ1
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ14๐6โค5๐คจ1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐12๐ฅ4๐ณ2
Please open Telegram to view this post
VIEW IN TELEGRAM
โค6๐ฅ4๐1
๐Morpheus IOC Scanner - A powerful tool for detecting and analyzing suspicious files, including ransomware and Indicators of Compromise (IOCs). With custom-built rules and advanced integrations, it offers detailed insights to identify sophisticated threats and bolster your defense against cyber risks.
๐https://github.com/phantom0004/morpheus_IOC_scanner
๐https://github.com/phantom0004/morpheus_IOC_scanner
๐20๐ฅ5
Do give reaction on the post guys, it helped me to stay motivated and to post content like this.๐ฅธ
Please open Telegram to view this post
VIEW IN TELEGRAM
๐41โค5๐ฅ2
CVE-2024-8672: Code Injection in Widget Options WordPress Plugin, 9.9 rating ๐ฅ
The vulnerability allows an attacker to enter data that is transmitted without proper filtering. This could potentially lead to remote code execution.
Search at Netlas.io:
๐ Link: https://nt.ls/xOEZp
๐ Dork: http.body:"plugins/widget-options"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/widget-options/widget-options-the-1-wordpress-widget-block-control-plugin-407-authenticated-contributor-remote-code-execution
The vulnerability allows an attacker to enter data that is transmitted without proper filtering. This could potentially lead to remote code execution.
Search at Netlas.io:
๐ Link: https://nt.ls/xOEZp
๐ Dork: http.body:"plugins/widget-options"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/widget-options/widget-options-the-1-wordpress-widget-block-control-plugin-407-authenticated-contributor-remote-code-execution
โค5๐5
๐๐ฆ FAVICORN - A versatile tool to search websites using favicons!
๐How it works:
Simply input a favicon, and Favicorn fetches search result links across 10+ platforms, making it a handy tool for researchers and testers alike.
๐https://github.com/sharsil/favicorn
๐How it works:
Simply input a favicon, and Favicorn fetches search result links across 10+ platforms, making it a handy tool for researchers and testers alike.
๐https://github.com/sharsil/favicorn
๐14โค1
https://x.com/wtf_brut/status/1863893133379150234
Do Follow Me On๐ฃ
Have Shared Almost 2000+ Bug Bounty Tips.๐ฑ ๐ท๐บ ๐บ๐ธ
Do Follow Me On
Have Shared Almost 2000+ Bug Bounty Tips.
Please open Telegram to view this post
VIEW IN TELEGRAM
What Browser Do You Use?
Anonymous Poll
37%
Chrome
52%
FireFox
2%
Arc
28%
Brave
3%
Safari
3%
Opera GX
๐7โค2
๐ Unlock That 20% Pro Labs Discount! ๐
Alright, hackers, hereโs the deal: Hack The Box Pro Labs just got REAL! ๐ฅ If youโre ready to leave the beginner stuff in the dust and dive into legit red team missions, Iโve got an exclusive 20% off waiting for you. But hereโs the catch โ only 100 of you can snag this deal. ๐
๐ฅ Use code:
at checkout for 20% off the annual Pro Labs subscription! Itโs high-level hacking in real enterprise environments. Ready to go pro? ๐ถ๏ธ
๐Checkout Here - https://hackthebox.com/hacker/pro-labs
Jump on this quick โ or you might miss the boat. ๐ค๐จ #HackTheBox #LevelUp #ProLabs
Alright, hackers, hereโs the deal: Hack The Box Pro Labs just got REAL! ๐ฅ If youโre ready to leave the beginner stuff in the dust and dive into legit red team missions, Iโve got an exclusive 20% off waiting for you. But hereโs the catch โ only 100 of you can snag this deal. ๐
๐ฅ Use code:
brutsecurityprolabs20
๐Checkout Here - https://hackthebox.com/hacker/pro-labs
Jump on this quick โ or you might miss the boat. ๐ค๐จ #HackTheBox #LevelUp #ProLabs
๐5โค1