BLACKFRIDAY2024 SALE: Get all of our malware development and red teaming courses bundle for only $199.
โ$400
โ $199
Start your new year with developing malware and building offensive tools
redteamsorcery.teachable.com/p/learnthemall
โ$400
โ $199
Start your new year with developing malware and building offensive tools
redteamsorcery.teachable.com/p/learnthemall
๐คจ3๐2โค1
CVE-2024-11274, -8233, other: Multiple vulnerabilities in GitLab, 7.5 - 8.7 ratingโ
In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.
Search at Netlas.io:
๐ Link: https://nt.ls/xM1vs
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/
In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.
Search at Netlas.io:
๐ Link: https://nt.ls/xM1vs
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/
๐4๐คจ2
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024โฆ
Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 - mrmt...
โค10๐2
Please open Telegram to view this post
VIEW IN TELEGRAM
โค10๐ฅ4๐1
๐ Dnsbruter - A powerful tool for active subdomain enumeration and discovery.
โจ Features:
Dnsbruter uses DNS resolution to bruteforce and identify subdomains efficiently. Its multithreading capability allows users to control concurrency for faster and more effective results. Perfect for researchers and pen testers targeting domain reconnaissance.
๐ https://github.com/RevoltSecurities/Dnsbruter/
โจ Features:
Dnsbruter uses DNS resolution to bruteforce and identify subdomains efficiently. Its multithreading capability allows users to control concurrency for faster and more effective results. Perfect for researchers and pen testers targeting domain reconnaissance.
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ12๐4
Please open Telegram to view this post
VIEW IN TELEGRAM
๐11โค3
CVE-2024-38819: Path Traversal in Spring Framework, 7.5 ratingโ๏ธ
Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!
Search at Netlas.io:
๐ Link: https://nt.ls/AzCtg
๐ Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38819
Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!
Search at Netlas.io:
๐ Link: https://nt.ls/AzCtg
๐ Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38819
๐6โค3
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ณ13๐ฟ8๐3๐คจ2
๐ IVRE - The Ultimate Network Reconnaissance Framework
โจ Key Features:
IVRE allows you to build your self-hosted, fully controlled alternatives to tools like Shodan, ZoomEye, Censys, and GreyNoise.
- Run your Passive DNS service
- Create tailor-made EASM tools
- Collect and analyze network intelligence using Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, and more!
Perfect for security researchers and network analysts.
๐ Get the tool here: https://github.com/ivre/ivre
โจ Key Features:
IVRE allows you to build your self-hosted, fully controlled alternatives to tools like Shodan, ZoomEye, Censys, and GreyNoise.
- Run your Passive DNS service
- Create tailor-made EASM tools
- Collect and analyze network intelligence using Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, and more!
Perfect for security researchers and network analysts.
๐ Get the tool here: https://github.com/ivre/ivre
GitHub
GitHub - ivre/ivre: Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEyeโฆ
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co...
๐4
๐ Wrapping Up an Amazing Year Together! ๐
Hey Brut Fam! ๐As 2024 comes to a close, I want to thank each and every one of you for being part of this amazing journey. This year, weโve shared 1,500+ resources, learned, grown, and built an incredible community of 8,000+ members. Your support and engagement have made Brut Security what it is today. ๐ช
If youโve found value in the resources Iโve shared and want to support me in continuing this journey, you can now buy me a coffee โ here:
โ๏ธ https://buymeacoffee.com/saumadip
Itโs not mandatoryโjust a small way to show appreciation if you feel like it.
Wishing you all a early very Merry Christmas ๐ and a Happy New Year ๐ filled with learning, growth, and success! Hereโs to an even bigger and better 2025! ๐
Stay curious, stay secure. ๐
Hey Brut Fam! ๐As 2024 comes to a close, I want to thank each and every one of you for being part of this amazing journey. This year, weโve shared 1,500+ resources, learned, grown, and built an incredible community of 8,000+ members. Your support and engagement have made Brut Security what it is today. ๐ช
If youโve found value in the resources Iโve shared and want to support me in continuing this journey, you can now buy me a coffee โ here:
Itโs not mandatoryโjust a small way to show appreciation if you feel like it.
Wishing you all a early very Merry Christmas ๐ and a Happy New Year ๐ filled with learning, growth, and success! Hereโs to an even bigger and better 2025! ๐
Stay curious, stay secure. ๐
Please open Telegram to view this post
VIEW IN TELEGRAM
โค3๐3๐จโ๐ป2๐ฅ1๐ณ1
Brut Security pinned ยซ๐ Wrapping Up an Amazing Year Together! ๐ Hey Brut Fam! ๐As 2024 comes to a close, I want to thank each and every one of you for being part of this amazing journey. This year, weโve shared 1,500+ resources, learned, grown, and built an incredible communityโฆยป
CVE-2024-50379, -54677: RCE and DoS in Apache Tomcat, 5.3 - 9.8 rating ๐ฅ
New vulnerabilities allow attackers to upload and execute malicious files disguised as legitimate ones, as well as cause OutOfMemoryError to shut down the server.
Search at Netlas.io:
๐ Link: https://nt.ls/WHRGO
๐ Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Read more: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
New vulnerabilities allow attackers to upload and execute malicious files disguised as legitimate ones, as well as cause OutOfMemoryError to shut down the server.
Search at Netlas.io:
๐ Link: https://nt.ls/WHRGO
๐ Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Read more: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
โค2