Brut Security
HackTheBox Certified Penetration Tester Specialist Cheatsheet

https://github.com/zagnox/CPTS-cheatsheet
CVE-2024-10441: RCE in Synology products, 9.8 rating

Synology DSM and BSM are vulnerable to Improper Encoding or Escaping of Output, which could potentially lead to remote execution of arbitrary code.

Search at Netlas.io:
Link: https://nt.ls/KOa1N
Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08

Vendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
Bug Bounty Hunters, Here's a Hidden Gem!
Grab it now:
https://gowsundar.gitbook.io/book-of-bugbounty-tips

---------------------------------------------------------
Level Up Your CyberSec Game!
brutsec.com
Telegram: t.iss.one/brutsecurity
X: x.com/brutsecurity
Ethical Hacking Roadmap: topmate.io/saumadip/1391531
Course Enrollment: wa.link/brutsecurity
Like this post? Follow, Join, Subscribe & Send Stars to show your support!
The ultimate 403 Bypass wordlists and tester notes by JHaddix

Github: Link

CVE-2025-24071: Windows Explorer initiates an SMB authentication request upon extracting a .library-ms file from a .rar archive, exposing NTLM hashes. Extraction alone triggers the vulnerability.

POC: https://t.iss.one/brutsecurity_poc/45
The Ultimate PNPT Study Guide - Master Pentesting & Crush the Exam!

Link: https://github.com/TrshPuppy/PNPT-study-guide
โค10๐Ÿ”ฅ4๐Ÿ‘3
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ‘10โค3๐Ÿ”ฅ3
SubDomain Grabber - A bug bounty tool to download, unzip, and clean subdomains from Chaos ProjectDiscovery.

Converts *.abc.com to https://abc.com, organizes into directories, and removes ZIPs. Offers a colorful CLI, filters (BugCrowd, HackerOne, etc.), sorting, and pagination.

https://github.com/MuhammadWaseem29/SubDomain-Grabber
Subdominator - Unleash the Power of Subdomain Enumeration

https://github.com/RevoltSecurities/Subdominator
โค19๐Ÿ‘3
Looking for a Discord Moderator!

We need an active mod to help manage the Brut Security server. Based on performance, you'll be rewarded with swags, gift cards, or TryHackMe vouchers!

Join & Apply Now: https://discord.gg/u7uMFV833h
Research Paper: Next.js and the corrupt middleware: the authorizing artifact

https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
๐Ÿ” Want to find exploitable CVEs for cybersecurity testing?

Use CVEmap to spot vulnerabilities with public proof-of-concept, marked exploitable by CISA, remotely exploitable, and without Nuclei templates yet!

Flags to use: -k (CISA exploitable), -t=false (no template), -poc (has proof-of-concept), -re (remote).

Happy hunting!
๐Ÿ‘18โค9
If you found a file upload function for an image, try introducing an image with XSS in the filename like so:
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png
โค13๐Ÿ‘6
Use Vulhub to reproduce Next.js Middleware Authorization Bypass (CVE-2025-29927)
https://github.com/vulhub/vulhub/tree/master/next.js/CVE-2025-29927
0day Hunters, Pay Attention!

CVE-2025-29927 - Next.js Middleware Auth Bypass [EXPLOIT]

Ever wondered what happens when middleware security checks fail silently? This vuln lets you slip past authentication like a ghost.

Reproduce it with Vulhub. Exploit it with Nuclei.

It's waiting in our Discord.
[Exploit Download]