Brut Security – Telegram
Brut Security
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: info@brutsec.com
📢 Take the 30-Day Bug Hunting Challenge!

🚨 Get ready to put your skills to the test! The challenge will be starting from June 1st.

👉 Anyone can participate in the challenge by joining our community. This is a self-help goal challenge where you will need to dedicate yourself for 30 days until you successfully find a bug and report it.

🔗 Join the Brut Security Community on Nas.io now: https://nas.io/brutsecurity

📝 For Enquiries DM us in WhatsApp: https://wa.me/918945971332
👎2
🚨GraphQL Test Cases Checklist🚨

🔗Link- https://anmolksachan.github.io/graphql/
👍6🔥4
🚨CVE-2024-22120: Zabbix SQLi Vulnerability🚨

POC: https://lnkd.in/gtbSbpvg
POC: https://lnkd.in/gv5t27Vw

👉This time-based SQL injection flaw poses a significant risk to systems running affected Zabbix, potentially allowing attackers to escalate privileges and even achieve remote code execution (RCE).

📢Reference: https://lnkd.in/g3iSTYEy

📝Dorks:
Hunter:/product.name="Zabbix"
FOFA:app="ZABBIX-Monitoring"
SHODAN:http.component:"Zabbix"
👍3🔥2
🚨CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js



👉A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.



📢POC: https://www.youtube.com/watch?v=c90_UKJvj_w

📢POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC
🔥3👍2
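A defender-side triage sketch for the PDF.js post above, added here as an example and not taken from the post or from the PDF.js project: it flags inventory entries below the fixed versions the post quotes and spots PDF.js option objects that leave `isEvalSupported` at its default. The product keys, host names and inventory records are constructed assumptions.

```javascript
// Fixed-version thresholds exactly as quoted in the post (Firefox < 126,
// Firefox ESR < 115.11, Thunderbird < 115.11). Product keys are assumed names.
const FIXED_IN = {
  "firefox": [126, 0],
  "firefox-esr": [115, 11],
  "thunderbird": [115, 11],
};

// "115.10.0esr" -> [115, 10, 0]; non-numeric suffixes are dropped by parseInt.
function parseVersion(v) {
  return String(v).split(".").map((p) => parseInt(p, 10) || 0);
}

// True when version a is strictly lower than version b.
function isLower(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// true = affected, false = at or above the fix, null = product not in the post.
function isAffectedClient(product, version) {
  const fixed = FIXED_IN[product];
  return fixed ? isLower(parseVersion(version), fixed) : null;
}

// For sites embedding PDF.js: only an explicit `isEvalSupported: false`
// counts as hardened, because the default value is true.
function evalLeftEnabled(getDocumentOptions) {
  return !(getDocumentOptions && getDocumentOptions.isEvalSupported === false);
}

// Constructed sample inventory (not real hosts).
const INVENTORY = [
  { host: "ws-01", product: "firefox", version: "125.0.3" },
  { host: "ws-02", product: "firefox", version: "126.0" },
  { host: "ws-03", product: "firefox-esr", version: "115.10.0esr" },
  { host: "ws-04", product: "thunderbird", version: "115.11.0" },
];

// Hosts that still need the update.
function triage(inventory) {
  return inventory
    .filter((h) => isAffectedClient(h.product, h.version) === true)
    .map((h) => h.host);
}
```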
What are the Cybersecurity Risks of Mobile Banking Apps?
Anonymous Poll
19%
Malware
36%
App Vulnerabilities
28%
Phishing Attacks
16%
Man-in-the-Middle Attacks
This XSS Payload bypasses Imperva's Protection.

<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=&#x0000000000061;lert&#x000000028;origin&#x000029;>
👍9
🚨Start your cybersecurity career with Brut Security

💥New Batch Starting From July 1st Week!!

💥Why Enroll?
Our course follows industry-standard curriculum, such as CEH by EC-Council, to ensure you gain the essential skills for a career in cybersecurity.

💥Got Questions?
Feel free to DM your queries on our WhatsApp: Chat with Us https://wa.me/918945971332

💥Here's what you'll learn:
Information Gathering
Social Engineering
System Hacking
Network Penetration Testing
Capture the Flag (CTF) Challenges
Basic Forensics
Web Penetration Testing (OWASP Top 10)

👉Course Curriculum: https://brutsec.com/Ethical_Hacking.pdf

💥Course Highlights:
1. International Standard Curriculum: Prepares you for entry-level cybersecurity roles.
2. Hands-On Learning: Practical exercises and real-world scenarios.
3. Community Support: Join our Telegram Community https://news.1rj.ru/str/brutsecurity for peer support and networking.

💥Link- https://nas.io/brutsecurity/ckub




#brutsecurity #ethicalhacking #cybersecurity
👍1🗿1
Sql Injection.pdf
199.1 KB
👍41
A little Automation used and the results are great💥
❤‍🔥10
Brut Security pinned «Keep checking my old Posts to continue your learning Process!»
drupal-dorkstxt.pdf
4.9 MB
👍2🔥1
Brut Security
A little Automation used and the results are great💥
Simple things make it easier. Don't complicate your approach. If you're using automation, there is a 50/50 chance, plus you need luck to get it triaged. The more time you devote to the program, the more results you will get. So I would suggest to everyone: just doing automation is good, but focusing on manual testing ends with good results.
❤‍🔥7👍2
As I said, automation does pay off if you do both manual and automated testing in your target hunting. Bug bounty is 90% about luck. Finding bugs is much easier in VAPT (no one considers duplicates), but in bug bounty there is a 50/50 chance plus a luck factor required.
❤‍🔥5👍2
I usually don't want to promote bug bounty much, because back in 2015 bug bounty was a gold mine and no one knew much about it. Those who knew it very well mined it until 2022. Afterwards the competition increased; everyone wants to be a full-time bug hunter or a cybersecurity professional. When supply increases, demand automatically gets reduced. So what about the current bug bounty scenario? Yes, you can do bug bounty, but without basic knowledge of the topics, don't do it for money only. It will just waste your precious time for nothing. I just want to say: learn and focus on yourself, and money will follow you. If you are reading this far, I hope you have a good day!
👍11❤‍🔥63