Explore the world of secret exploitation in this 51-minute conference talk from BSidesLV. Delve into the methods used by attackers to discover and exploit secrets like API keys and credentials in various environments, including public and private git repositories, containers, and compiled mobile applications. Learn about the alarming statistics of exposed secrets, with 10 million discovered in public GitHub repositories in 2022 alone. Examine techniques for abusing GitHub's public API, discovering exposed .git directories on networks, and exploiting misconfigurations in git servers. Investigate how attackers can uncover secrets within compiled applications, with insights into the prevalence of plain text secrets in mobile applications on the Google Play Store and docker images on DockerHub.com. Gain valuable knowledge on identifying and addressing this persistent vulnerability in application security, presented by Mackenzie Jackson at PasswordsCon.
The Attacker's Guide to Exploiting Secrets in the Universe
Overview
Syllabus
PW - The attackers guide to exploiting secrets in the universe
Taught by
BSidesLV
Related Courses
-
Mobile Application Security: Preventing Credential Leaks - How Millions of Secrets Are Exposed
-
Exploiting and Securing Vulnerabilities in Java Applications
-
Pentesting 101: The Ultimate Hacking Guide Start To Finish
-
Gaining Initial Access by Exploiting Leaked Credentials
-
Exposed Secrets - How Public Git Repositories and Docker Images Expose Millions of Secrets Like API Keys and Security Certificates Every Year
-
Securing Mobile App Secrets: Preventing Credential Leaks in Android Applications
