Brut Security

☄️Hacking misconfigured Cloudflare R2 buckets: a complete guide By novasecio

👀https://blog.intigriti.com/hacking-tools/hacking-misconfigured-cloudflare-r2-buckets-a-complete-guide

Please open Telegram to view this post

VIEW IN TELEGRAM

Intigriti

Hacking misconfigured Cloudflare R2 buckets: A complete guide

Cloudflare R2 buckets are recently becoming more popular as an alternative to AWS S3 buckets for their simplicity, integration support and zero-egress fees. Customers who opt-in to use Cloudflare R2 a...

👍3❤1

3.4K viewsMr Brut, 13:41

Brut Security

⚠️

Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulation techniques. It also includes fuzzing for HTTP methods and protocol versions, making it a versatile addition to any web security researcher's toolkit.

🖥

https://github.com/nazmul-ethi/Bypass-Four03

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥8❤1👍1

4.32K viewsMr Brut, 13:43

Brut Security

🚨

If you're looking for accurate IoT results, then Sign Up On @Netlas

😮‍💨

https://app.netlas.io/ref/9cc61538/

Please open Telegram to view this post

VIEW IN TELEGRAM

app.netlas.io

Discover, Research and Monitor any Assets Available Online

Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.

3.73K viewsMr Brut, 14:35

Brut Security

Brut Security pinned «🚨If you're looking for accurate IoT results, then Sign Up On @Netlas 😮‍💨https://app.netlas.io/ref/9cc61538/»

14:35

Brut Security

👍6🔥3🗿1

3.63K viewsMr Brut, 19:19

Brut Security

☄️Subowner - A Simple python based tool to check for subdomain takeovers in mass scanning. Supports, AWS, Fastly, Shopify, Azure etc.

🚨https://github.com/ifconfig-me/subowner

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥6

3.97K viewsMr Brut, 19:31

Brut Security

⚡ OSCP Mind Map
🔗https://github.com/h0tak88r/Sec_Mind_Maps/blob/main/OSCP.xmind

❤2

4.06K viewsMr Brut, 05:53

Brut Security

Finding Hidden Parameter & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss

❤13

4.49K viewsMr Brut, 07:44

Brut Security

JS Recon : WaybackURLs & HTTPX

waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg[.]py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td

👍6❤3

4.45K viewsMr Brut, 08:20

Brut Security

The Top Hacker Methodologies.pdf

591.9 KB

🔥5

4.79K viewsMr Brut, 10:36

Brut Security

https://github.com/harsh-bothra/learn365/blob/main/days/day5.md

4.08K viewsMr Brut, 06:10

Brut Security

PRO TIP TO DETECT CSTI

- in your proxy add a match and replace rule for some keywords to make changes in the response

eg : TESTCSTI = {{7*9}}

3.72K viewsMr Rahim, 09:10

Brut Security

CVE-2024-8698: Privelege Escalation in Keycloak, 7.7 rating❗️

Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privelege escalation.

Search at Netlas.io:
👉 Link: https://nt.ls/LJfRK
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676

Read more: https://access.redhat.com/security/cve/CVE-2024-8698

❤1

3.79K viewsMr Brut, 11:01

Brut Security

⚡TOP 100 Vulnerabilities Step-by-Step Guide Handbook

https://github.com/Zorono/Learning-PDFs/blob/main/TOP%20100%20Vulnerabilities%20Step-by-Step%20Guide%20Handbook.pdf

GitHub

Learning-PDFs/TOP 100 Vulnerabilities Step-by-Step Guide Handbook.pdf at main · Zorono/Learning-PDFs

Contribute to Zorono/Learning-PDFs development by creating an account on GitHub.

❤12🐳1🗿1

3.92K viewsMr Brut, 19:03

Brut Security

🔥4🗿2❤1

3.54K viewsMr Brut, 08:27

Brut Security

CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating 🔥

The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.

Search at Netlas.io:
👉 Link: https://nt.ls/N9Jj8
👉 Dork: http.description:"Navidrome Music Server"

Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6

👍4

4.05K viewsMr Brut, 14:14

Brut Security

https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b

Medium

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

Critical zero-click vulnerability chain in macOS (patched)

3.77K viewsMr Brut, 10:14

Brut Security

https://github.com/waf-bypass-maker/waf-community-bypasses/blob/main/payloads.twitter.csv

GitHub

waf-community-bypasses/payloads.twitter.csv at main · waf-bypass-maker/waf-community-bypasses

Contribute to waf-bypass-maker/waf-community-bypasses development by creating an account on GitHub.

3.86K viewsMr Brut, 14:40

Brut Security

0:07

This media is not supported in your browser

VIEW IN TELEGRAM

DUPLICATE

🗿6🐳2👍1

3.54K viewsMr Brut, edited 19:18

Brut Security

👍13❤4🔥4

4.45K viewsMr Brut, 19:29

🔖Hacking Kia: Remotely Controlling Cars With Just a License PlateNew writeup from Specters and Sam Curry: They were finally allowed to disclose a vulnerability reported to Kia that could have allowed an attacker to remotely control nearly all vehicles made after 2013, using only the license plate.

Full Blog: https://samcurry.net/hacking-kia

👍3❤2

3.64K viewsMr Brut, 05:55

About

Blog

Apps

Platform