Brut Security

👻👻 A search engine for CTF writeups

🛡

https://ctfsearch.hackmap.win/

Please open Telegram to view this post

VIEW IN TELEGRAM

10❤28👍6

5.78K viewsedited 10:14

Brut Security

Hacking_IIS_NahamCon.pdf

1.6 MB

❤10

4.7K views03:28

Brut Security

𝗚𝗮𝗺𝗲 𝗼𝗳 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆

👻

👻GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.

🔥

https://github.com/Orange-Cyberdefense/GOAD

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥17👍7❤2

5.79K views05:02

Brut Security

👻👻SpoofProof helps security professionals detect email domain spoofing vulnerabilities and validate DMARC, SPF, and DKIM configurations, making email security assessments seamless and efficient.

⭐Extension Name: SpoofProof - Domain Spoofing Validation

🔗 BApp Store: https://portswigger.net/bappstore/a321360c6e114b3dab6f2c67d68c241a
💻 Source Code: https://github.com/portswigger/spoofproof

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥20❤6👍4🤨2

5.35K views07:11

Brut Security

👻

👻SpoofProof helps security professionals detect email domain spoofing vulnerabilities and validate DMARC, SPF, and DKIM configurations, making email security assessments seamless and efficient. ⭐Extension Name: SpoofProof - Domain Spoofing Validation 🔗…

🤣13🔥7❤3

4.92K views07:11

Brut Security

Don't forget to react guys 😔

Please open Telegram to view this post

VIEW IN TELEGRAM

🗿21🔥10👍6👏4🐳2🤣1🫡1

4.68K views08:22

Brut Security

Brut Security pinned a photo

10:10

Brut Security

🤣86🐳8❤1😁1👨‍💻1

4.24K views04:23

Brut Security

CVE-2025-20029: Command Injection in F5 BIG-IP, 8.8 rating❗️

The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!

Search at Netlas.io:
👉 Link: https://nt.ls/e17gN
👉 Dork: http.headers.server:"BigIP"

Vendor's advisory: https://my.f5.com/manage/s/article/K000148587

👍7❤3😱2

4.16K views11:11

Brut Security

CVE-2025-24752: XSS in Elementor Page Builder, 7.1 rating❗️

Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!

Search at Netlas.io:
👉 Link: https://nt.ls/8wpei
👉 Dork: http.body:"plugins/elementor" AND host_type:domain

Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/

❤4👍3

4.26K views05:14

Brut Security

🚨

If you're looking for accurate IoT results, then Sign Up On @Netlas

😮‍💨

https://app.netlas.io/ref/9cc61538/

Please open Telegram to view this post

VIEW IN TELEGRAM

app.netlas.io

Discover, Research and Monitor any Assets Available Online

Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.

🔥4

4.16K views05:15

Brut Security

This media is not supported in your browser

VIEW IN TELEGRAM

Active link finding with xnLinkFinder! 🚀

Command breakdown:
-i https://bugcrowd.com → Target domain
-sp https://bugcrowd.com → Scope prefix
-sf "bugcrowd.*" → Scope filter
-d 2 → Crawl depth
-v → Verbose output

👍10❤9

4.6K views11:11

Brut Security

This media is not supported in your browser

VIEW IN TELEGRAM

Popping alert(1) doesn't show REAL impact.

Escalate your XSS by stealing cookies instead👇

🗿15🔥4❤2

4.53K views16:43

Brut Security

https://github.com/Brut-Security/CVE-2024-4879

GitHub

GitHub - Brut-Security/CVE-2024-4879: CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow

CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow - Brut-Security/CVE-2024-4879

👍9

3.92K views19:54

Brut Security

Sensitive Files by Fuzzing Key .git Paths.

/.git
/.gitkeep
/.git-rewrite
/.gitreview
/.git/HEAD
/.gitconfig
/.git/index
/.git/logs
/.svnignore
/.gitattributes
/.gitmodules
/.svn/entries

🔥10❤7👍4🫡3

4.57K views08:36

Brut Security

🔖

Find Leaked Credentials Using Google Chrome dev Tools

📱 Github:

🔗

Link

Please open Telegram to view this post

VIEW IN TELEGRAM

👍18❤4🫡4👏1

4.16K views10:36

Brut Security

How many bugs do you know?

🔥24👨‍💻8😱3

4.22K views13:56

Brut Security

Is your open URL redirect payload getting blocked? 🧐

Try one of these payloads to bypass it! 🤑

https://www.intigriti.com/researchers/blog/hacking-tools/open-url-redirects-a-complete-guide-to-exploiting-open-url-redirect-vulnerabilities

❤7👍3🔥2

4.98K views17:02

Brut Security

Crazy Aliyun WAF Bypass:
cat /etc/hosts - triggers WAF
tac /etc/hosts - 🧙‍♂️

Credit: @galnagli
#bugbountytips #bugbounty

🔥5🤨3❤2👍2🗿2

4.73K views18:08

Brut Security

💭

Everyone’s journey in bug bounty is unique. What worked for one hacker may not work for you, and that’s okay. Your growth isn’t defined by someone else’s timeline. You have your own challenges to face, your own lessons to learn, and your own way of mastering this craft.

Some will find their first bug in a week, while others might take months. Some will excel in recon, others in web exploitation. It’s not about how fast you get there—it’s about persistence, learning, and adapting. Every failed attempt is a step forward, every mistake a lesson.

So, don’t compare your journey to others. Focus on your progress. Keep hacking, keep improving, and most importantly, keep walking your own path. Success will follow.

Please open Telegram to view this post

VIEW IN TELEGRAM

❤25👍5

4.61K views19:47

Brut Security

Brut Security pinned «💭Everyone’s journey in bug bounty is unique. What worked for one hacker may not work for you, and that’s okay. Your growth isn’t defined by someone else’s timeline. You have your own challenges to face, your own lessons to learn, and your own way of mastering…»

19:47

About

Blog

Apps

Platform