iOS 13 passcode bypass bug allows access to victim’s phone book

A passcode bypass flaw has been discovered in iOS 13, which is scheduled to go live next week.This vulnerability allows the attacker access to the victim’s phone book, including contact names and email addresses. Jose Rodriguez, a security researcher has reported a vulnerability that allows hackers to harvest contact details from the …

Read More »

shhgit: find GitHub secrets in real time

Finding secrets in GitHub is nothing new. There are many great tools available to help with this depending on which side of the fence you sit. On the adversarial side, popular tools such as gitrob and truggleHog focus on digging in to commit history to find secret tokens from specific repositories, users or organisations. …

Read More »

pixload – Image Payload Creating/Injecting tools

DESCRIPTION Set of tools for creating/injecting payload into images. SETUP The following Perl modules are required: - GD - Image::ExifTool - String::CRC32 On Debian-based systems install these packages: sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl On OSX please refer to this workaround. Thanks to @iosdec TOOLS bmp.pl BMP Payload Creator/Injector. Usage ./bmp.pl …

Read More »