Linna
@Lin27540538

191 posts

Web - Mobile pentester

Cambodia
Joined April 2021
103 Following
18 Followers

Linna retweeted
Al Arabiya English @AlArabiya_Eng
Cambodia accuses Thailand of detaining 20 soldiers after a ceasefire was agreed between the two sides. Cambodian officials take foreign diplomats to a destroyed border checkpoint in Preah Vihear and deny Thai claims of ceasefire violations. #Cambodia #Thailand #Ceasefire

Linna retweeted
chux @chux13786509
Hackers 🔥 Stuck on a 403? Here are some powerful tricks to try for bypassing 🚀
1⃣ X-Forwarded-For
2⃣ X-Original-URL
3⃣ Referer
4⃣ HTTP method manipulation
5⃣ Case sensitive (/admin or /aDmIn)
6⃣ Encoding
7⃣ Path normalization
Happy hunting! 🎯

Linna retweeted
Brut 🇮🇳 @wtf_yodhha
⚠️CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications.
github.com/musana/CF-Hero
✅ Join Telegram For More Content: t.me/brutsecurity
📖 Your Ethical Hacking Journey Starts Here → topmate.io/saumadip/13915…
🎓 Ready to Skill Up? Enroll Now → wa.link/brutsecurity
📢 Join the Community & Stay Updated:
📱 Discord: discord.gg/u7uMFV833h
💼 X (Twitter): x.com/brutsecurity
⭐ Found this helpful? Like, Share & Level Up Your Skills!
#CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity

Linna retweeted
chux @chux13786509
A great and useful tip that helped me find many bugs is just to play with the HTTP method 😋 Here I found broken access control (sent PUT instead of GET/POST) in the API of the target, that enabled me to discover XSS where the developers did not expect any user input 🔥

Linna retweeted
Gospel @4osp3l
Bypass OTP in an unexpected way : replace the OTP value to "true" ( without quote )
Origin Request - { "OTP": "11111" }
Modify To - { "OTP": true }
medium.com/@deepk007/how-i-bypassed-otp-in-unexpected-way-2d4b478db512
Credit: DEep

Linna retweeted
HackerSploit @HackerSploit
I just realized I have a large collection of notes taken during pentests, in-depth documentation on techniques and tradecraft, and a sizeable code repo. Considering sharing this in its written form. Probably time to use hackersploit.wiki. Lmk what you think

Linna retweeted
./Mr-Dark @Mr_Dark55
Bypass waf for SQL injection :) cloudflare command : sqlmap -u "target.com" --dbs --batch --time-sec 10 --level 3 --hex --random-agent --tamper=space2comment,betweeny time-based blind: +AND+(SELECT+5140+FROM+(SELECT(SLEEP(10)))lfTO)

Linna retweeted
PortSwigger @PortSwigger
🍪 Introducing the “Cookie Sandwich” technique. This vulnerability manipulates how servers parse cookies, potentially exposing sensitive user information like session IDs. Read more: portswigger.net/research/steal…

Linna retweeted
VAIDIK PANDYA @h4x0r_fr34k
Day 8 & 9 : LFI x2
Refer : medium.com/@cyber_dark/cve-2024-41713-mitel-micollab-authentication-bypass-arbitrary-file-read-50e9224264b9
Video : Will post on YouTube

Linna retweeted
Google VRP (Google Bug Hunters)
Introducing InternetCTF! 🤯 Earn up to $10,000 for finding RCE vulnerabilities in open-source software AND creating Tsunami plugin patches. Make the internet safer and get rewarded! 🤑 For details on the program, see our latest blog post: bughunters.google.com/blog/675213644…

Linna retweeted
Intigriti @intigriti
Want to master 2FA bypassing? 🤑 Let's look at several possible ways to bypass this 2FA screen! 👇

Linna retweeted
Brut 🇮🇳 @wtf_yodhha
Extract all endpoints from a JS File and take your bug 🐞
✅Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '/' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['|\\\"](https?:)?[/]{1,2}[^'||\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['||\\\"](https?:)?[/]{1,2}[^'||\\\"> ]{5,})\"" | awk -F "['|\"]" '{print $2}' | sort -fu
✅Method two
cat JS.txt | grep -aoP "(?<=(\"|\'|\`))\/[a-zA-Z0-9?&=\/\-#.]*(?=(\"|\'|\`))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips

Linna retweeted
Brut 🇮🇳 @wtf_yodhha
How to extract urls, srcs and hrefs from all HTML elements in any website?
Open DevTools and run
urls = []
$$('*').forEach(element => {
  urls.push(element.src)
  urls.push(element.href)
  urls.push(element.url)
});
console.log(...new Set(urls))
#infosec #cybersec #bugbounty

Linna retweeted
d4d @zakfedotkin
You can bypass path-based WAF restrictions by appending raw/unencoded non-printable and extended-ASCII characters like \x09 (Spring), \xA0 (Express), and \x1C-1F (Flask):

Linna retweeted
d4d @zakfedotkin
Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Neither did we. Enjoy! portswigger.net/research/bypas…

Linna retweeted
VAIDIK PANDYA @h4x0r_fr34k
2FA Bypasses? Here are 10 Blogs to Learn more about it!
1. 0xm5awy.medium.com/10-2fa-bypasse…
2. ashketchum.medium.com/how-i-bypassed…
3. anonysm.medium.com/how-i-bypassed…
4. medium.com/@mihad0x1/unlocking-success-my-journey-to-bypassing-2fa-and-winning-my-first-bounty-800-c6e7654feea4
5. roohaan.medium.com/tricky-2fa-byp…
6. melguerdawi.medium.com/2fa-bypass-via…
7. medium.com/@infosecwriteups/iw-weekly-74-rce-through-dependency-confusion-2fa-bypass-in-meta-client-side-prototype-853594fd9873
8. thegrayarea.tech/p1-bug-hunting…
9. medium.com/@surendirans7777/2fa-bypass-techniques-32ec135fb7fe
10. medium.com/@sharp488/2fa-bypass-via-oauth-linking-c8a640519ae8
Stay connected and explore more:
Courses & Trainings: linktr.ee/tcb_trainings
Social Media & Resources: lnkd.in/ghAN2DRa
Course Reviews: lnkd.in/dVN35BAH