Don't be stupd on GitHub

Presented at THOTCON 0x7 (2016), May 5, 2016, 3 p.m. (25 minutes)

You may be surprised (you probably shouldn't) at all of the sensitive information people put on GitHub. If you look, you can find everything from database passwords, RSA private keys, and even unix shadow files. Not only will I show you how to find all this awesome data but I will show you how to harvest as much of it as possible as well as some password analysis on the passwords that were found.

Presenters:

• metacortex
  Currently a native of SLC and founder of the 801 Labs hacker space as well as responsible for reviving the local DEF CON group, DC801.

Similar Presentations:

• HOPE 2020 Virtual Rescheduled / Password Superpowers: How to Crack Hashes and Stump Hackers
• NolaCon 2016 / Don’t be stupid with GitHub
• ToorCon San Diego 17 (2015) / Don't be stupid with GitHub