Pillaging DVCS Repos For Fun and Profit

Presented at ToorCon San Diego 13 (2011), Oct. 9, 2011, 2 p.m. (20 minutes)

Distributed Version Control Systems, like git are becoming an increasingly popular way to deploy web applications and web related resources. Research shows these repositories commonly contain information very useful to an attacker. This talk will demonstrate how to identify these repositories and techniques to pillage just as much information as possible from them. Lastly there will be a demonstration of the DVCS pillage toolkit to automate data extraction from identified repositories.

Presenters:

• Adam Baldwin / EvilPacket   as EvilPacket
  Adam has over 10+ years of mostly self taught computer security experience and currently is the co-founder and principal consultant at nGenuity focusing on security of web applications. He at one time possessed a GCIA and apparently still has a CISSP. Prior to starting nGenuity Adam worked for Symantec. Adam is a minor contributor to the W3AF & PTES projects and has previously spoke at numerous conferences, including DEFCON and ToorCamp.

Similar Presentations:

• BSidesLV 2023 / The attackers guide to exploiting secrets in the universe
• DerbyCon 3.0 All in the Family (2013) / gitDigger: Creating useful wordlists from public GitHub repositories
• DEF CON 19 (2011) / Pillaging DVCS Repos For Fun And Profit