Red Team Village - Have My Keys Been Pwned? - TIB AV-Portal

Red Team Village - Have My Keys Been Pwned?

3

Soto, Rod Hernandez, Jose

Formal Metadata

Title

Red Team Village - Have My Keys Been Pwned?

Subtitle

API Edition

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Hernandez, Jose

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/49142 (DOI)

Publisher

Release Date

Language

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Current status quo of credential management in cloud related DEVOPS environments enables attackers to easily obtain leaked credentials. This presentation showcases how leaked credentials in public repositories can potentially lead to further compromise in enterprise environments.The focus will be on the DEVOPS attack surface and the toolchains involved within this process in cloud platform environments. Presenters will use a recently released tool (Git Wild Hunt) to show how public leaks can lead to further compromise of individuals and enterprises with actual examples of derived information from compromised secrets. An analysis of credentials leaked globally and its source (company affected and user) will be provided as examples.