Silent Leaks: Harvesting Secrets from Shared Linux Environments

Presented at DEF CON 33 (2025), Aug. 8, 2025, 5:30 p.m. (20 minutes).

You don’t need a kernel exploit to cross security boundaries in Linux, and all it takes is what the system already gives you. In this talk, I’ll expose a class of quiet yet dangerous vulnerabilities where common system features in multi-user Linux environments leak sensitive information between users by default. We’ll explore how standard process inspection mechanisms and insecure scripting practices in real-world infrastructures, especially those used by large hosting panel providers, can expose database passwords, API tokens, internal URLs, and other secrets to unprivileged users. I’ll demonstrate how simple, legitimate system behaviors can be passively weaponized to gather intelligence, fingerprint users, and pivot across services, all without ever escalating privileges or exploiting a single bug. This talk shows how misconfigurations and design oversights can open the door to unintended visibility. Whether you’re a sysadmin, penetration tester, or just someone who lives in a shell, you’ll leave with a better understanding of what your environment might be silently exposing and how to lock it down.

Presenters:

  • Cernica Ionut Cosmin
    Ionut Cernica began his security journey through Facebook’s bug bounty program and quickly made a name for himself by responsibly disclosing vulnerabilities to major companies including Google, Microsoft, Yahoo, AT&T, eBay, and VMware. With over nine years of experience in web application security and penetration testing, he has built a solid reputation in both offensive and defensive security research. Beyond bug bounty, Ionut is a seasoned CTF competitor, having participated in over 100 security competitions worldwide. He has represented the PwnThyBytes team in high-profile finals such as Codegate, Trend Micro, and DEF CON. Among his individual accomplishments, he won the mini CTF at the very first edition of AppSec Village at DEF CON. Currently, Ionut is an Application Security Engineer at UiPath, where he focuses on product security and AI security research.