DeepSec 2023 Talk: The Attackers Guide to Exploiting Secrets in the Universe – Mackenzie Jackson

Sanna/ October 12, 2023/ Conference/ 0 comments

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. Most security breaches leverage secrets during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This guide will include how to Abuse public and private code repositories Decompile containers Decompile mobile applications from the App and Play Stores. We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their play-book. Presentation Details Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the

Read More

DeepSec 2022 Training: Practical Secure Code Review – Seth Law, Ken Johnson

Sanna/ September 23, 2022/ Training

Ready to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken’s past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language. We asked Seth and Ken

Read More