Cybersecurity

7940 readers

8 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets (trufflesecurity.com)

submitted 3 weeks ago by Pro@programming.dev to c/cybersecurity@sh.itjust.works

0 comments fedilink hide all child comments

GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as “zero-commit” PushEvents.

I scanned every force push event since 2020 and uncovered secrets worth $25k in bug bounties.

Together with Truffle Security, we're open sourcing a new tool to scan your own GitHub organization for these hidden commits (try it here).

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here