Cambodia accuses Thailand of detaining 20 soldiers after a ceasefire was agreed between the two sides. Cambodian officials take foreign diplomats to a destroyed border checkpoint in Preah Vihear and deny Thai claims of ceasefire violations. #Cambodia #Thailand #Ceasefire

Hackers 🔥 Stuck on a 403? Here are some powerful tricks to try for bypassing 🚀 1⃣ X-Forwarded-For 2⃣ X-Original-URL 3⃣ Referer 4⃣ HTTP method manipulation 5⃣ Case sensitive (/admin or /aDmIn) 6⃣ Encoding 7⃣ Path normalization Happy hunting! 🎯

beware of all applications developed in-house, where security may not be as strong as in a public app !

⚠️CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications. github.com/musana/CF-Hero ✅ Join Telegram For More Content: t.me/brutsecurity ---------------------------------------------------------------------------- 📖 Your Ethical Hacking Journey Starts Here → topmate.io/saumadip/1391531 🎓 Ready to Skill Up? Enroll Now → wa.link/brutsecurity 📢 Join the Community & Stay Updated: 📱 Discord: discord.gg/u7uMFV833h 💼 X (Twitter): x.com/brutsecurity ⭐ Found this helpful? Like, Share & Level Up Your Skills! #CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity

Apache Tomcat: Potential RCE Severity : Critical CVE-2025-24813 Exploit : github.com/MuhammadWaseem29/… Refrence : github.com/advisories/GHSA-8… #ApacheTomcat #bugbounty #RCE

A great and useful tip that helped me find many bugs is just to play with the HTTP method 😋 Here I found broken access control (sent PUT instead of GET/POST) in the API of the target, that enabled me to discover XSS where the developers did not expect any user input 🔥

Bypass OTP in an unexpected way : replace the OTP value to "true" ( without quote ) Origin Request - { "OTP": "11111" } Modify To - } "OTP": true } medium.com/@deepk007/how-i-b… Credit: DEep

I just realized I have a large collection of notes taken during pentests, in-depth documentation on techniques and tradecraft, and a sizeable code repo. Considering sharing this in its written form. Probably time to use hackersploit.wiki. Lmk what you think

Bypass waf for SQL injection :) cloudflare command : sqlmap -u "target.com" --dbs --batch --time-sec 10 --level 3 --hex --random-agent --tamper=space2comment,betweeny time-based blind: AND (SELECT 5140 FROM (SELECT(SLEEP(10)))lfTO)

🍪 Introducing the “Cookie Sandwich” technique. This vulnerability manipulates how servers parse cookies, potentially exposing sensitive user information like session IDs. Read more: portswigger.net/research/ste…

I just published Easy $10,000 bounty using Wayback Machine blog.bugbountyhunter.xyz/eas…

Day 8 & 9 : LFI x2 Refer : medium.com/@cyber_dark/cve-2… Video : Will post on YouTube

Bypass CloudFlare WAF with JSFuck (jsfuck.com)♻️ #infosec #cybersec #bughunting

Introducing InternetCTF! 🤯 Earn up to $10,000 for finding RCE vulnerabilities in open-source software AND creating Tsunami plugin patches. Make the internet safer and get rewarded! 🤑 For details on the program, see our latest blog post: bughunters.google.com/blog/6…

Want to master 2FA bypassing? 🤑 Let's look at several possible ways to bypass this 2FA screen! 👇

Extract all endpoints from a JS File and take your bug 🐞 ✅Method one waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]? 15*[=: 1\5*[ '\"]?[^'\"] .js[^'|"> ]*" | awk -F '/' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\. (get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ] {5,})\"" | awk -F "['|"]" '{print $2}' sort -fu ✅Method two cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt #infosec #cybersec #bugbountytips

javascript How to extract urls,srcs and hrefs from all HTML elements in any website? Open DevTools and run urls = [] $$('*').forEach(element => { urls.push(element.src) urls.push(element.href) urls.push(element.url) }); console.log(...new Set(urls)) #infosec #cybersec #bugbounty

You can bypass path-based WAF restrictions by appending raw/unencoded non-printable and extended-ASCII characters like \x09 (Spring), \xA0 (Express), and \x1C-1F (Flask):

Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Neither did we. Enjoy! portswigger.net/research/byp…

2FA Bypasses? Here are 10 Blogs to Learn more about it! 1. 0xm5awy.medium.com/10-2fa-by… 2. ashketchum.medium.com/how-i-… 3. anonysm.medium.com/how-i-byp… 4. medium.com/@mihad0x1/unlocki… 5. roohaan.medium.com/tricky-2f… 6. melguerdawi.medium.com/2fa-b… 7. medium.com/@infosecwriteups/… 8. thegrayarea.tech/p1-bug-hunt… 9. medium.com/@surendirans7777/… 10. medium.com/@sharp488/2fa-byp… Stay connected and explore more: Courses & Trainings: linktr.ee/tcb_trainings Social Media & Resources: lnkd.in/ghAN2DRa Course Reviews: lnkd.in/dVN35BAH