Overview
Explore the world of secret exploitation in this 51-minute conference talk from BSidesLV. Delve into the methods used by attackers to discover and exploit secrets like API keys and credentials in various environments, including public and private git repositories, containers, and compiled mobile applications. Learn about the alarming statistics of exposed secrets, with 10 million discovered in public GitHub repositories in 2022 alone. Examine techniques for abusing GitHub's public API, discovering exposed .git directories on networks, and exploiting misconfigurations in git servers. Investigate how attackers can uncover secrets within compiled applications, with insights into the prevalence of plain text secrets in mobile applications on the Google Play Store and docker images on DockerHub.com. Gain valuable knowledge on identifying and addressing this persistent vulnerability in application security, presented by Mackenzie Jackson at PasswordsCon.
Syllabus
PW - The attackers guide to exploiting secrets in the universe
Taught by
BSidesLV