👩‍💻IW Weekly #116: GitHub Copilot Prompt Injection, r2frida for iOS Runtime Manipulation, Data Exfiltration from Restricted Environment, iOS URL Scheme Hijacking and many more…


Welcome to the #IWWeekly116 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @monkehack and their friend found a very interesting vulnerability which allowed them to exfiltrate data from an extremely limited JavaScript environment.
  2. @MrTuxracer and @Evan_Connelly identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to a Mobile OAuth attack which allowed the attacker to take over victim accounts.
  3. @ott3rly teaches us how to hunt for leaked sensitive documents at scale.
  4. Explore how r2frida can be instrumental in manipulating an iOS app's runtime with @appknox.
  5. Read this fantastic blog written by @wunderwuzzi23 to understand how the GitHub Copilot Chat VS Code Extension was vulnerable to data exfiltration via prompt injection.

🧵 4 Threads

  1. Discover expert tips and tools for hunting down juicy endpoints in bug bounty hunts from @Jhaddix.
  2. Explore the world of supply chain dependency confusion attacks and package enumeration with @ctbbpodcast.
  3. Missing out on hidden services? Don't skip port scanning! Here are the top 5 tools recommended by @intigriti.
  4. $$$$$ at the age of 16! Learn the key points and aspects of conquering bug bounties from @itz_mg_.

📽️ 3 Insightful Videos

  1. Conquer the world of JavaScript analysis from this talk by @TomNomNom at @NahamSec's NahamCon 2024.
  2. Explore the underrated Burp Suite feature "Match and Replace" to double your bounties with @ctbbpodcast.
  3. Dive into @PinkDraconian's detailed walkthrough of a @hackthebox_eu Business CTF challenge, chaining request smuggling and SSRF.

💼 2 Job Alerts

  1. Redfox Cyber Security Pvt Ltd is hiring Web and Mobile penetration testers.
  2. Grab the opportunity to be the next Senior Cyber Security Program Management Lead at @bakerhughesco.

🎁 1 Special Item

  1. Check out this super-fun CSP bypass challenge by @terjanq.

That's all for this week. We hope you enjoyed these incredible finds and learned something new from today's newsletter. See you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Shlok
Newsletter formatting by: Hardik Singh, Bhavesh Harmalkar, Nithin R, Shlok, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
