Pillaging DVCS Repos For Fun And Profit

Presented at DEF CON 19 (2011), Aug. 6, 2011, 6:30 p.m. (20 minutes)

Distributed Version Control Systems, like git are becoming an increasingly popular way to deploy web applications and web related resources. Our research shows these repositories commonly contain information very useful to an attacker. This talk, which was part of my small contribution to the Penetration Testing Execution Standard (PTES) will demonstrate how to identify these repositories and techniques to pillage just as much information as possible from them. Lastly there will be release of a toolkit to automate the the discussed techniques supporting git, hg and bzr repositories!

Presenters:

• Adam Baldwin / EvilPacket - Co-Founder / nGenuity   as Adam Baldwin
  Adam Baldwin has over 10+ years of mostly self taught computer security experience and currently is the co-founder and Chief Pwning Officer at nGenuity focusing on security of web applications. He at one time possessed a GCIA and if his CPE's are up to date should still have a CISSP. Prior to starting nGenuity Adam worked for Symantec. Adam is a minor contributor to the W3AF project and has previously spoke at Toorcamp, Djangcon 2010, and JSconf 2011.

Links:

• https://defcon.org/html/defcon-19/dc-19-speakers.html#Baldwin
• https://infocon.org/cons/DEF CON/DEF CON 19/DEF CON 19 video and slides/DEF CON 19 - Adam Baldwin - Pillaging DVCS Repos For Fun And Profit - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=XCFC2Mi4A6s

Similar Presentations:

• BSidesLV 2023 / The attackers guide to exploiting secrets in the universe
• BSidesLV 2017 / /.git/ing All Your Data
• ToorCon San Diego 13 (2011) / Pillaging DVCS Repos For Fun and Profit