#Hacktivity2023 // How Attackers Find & Exploit Secrets in Source Code
Mackenzie Jackson - Exposed Credentials – How Attackers Find & Exploit Secrets in Source Code This presentation was held at #Hacktivity2023 IT security conference on 5th October 2023. Secrets like API keys, security certificates and other credentials are the crown jewels of organizations and provide access to the inner workings of your systems. But these secrets are sprawling through the internet at an alarming rate. A research project conducted throughout 2022 by GitGuardian uncovered 10 million leaked secrets publicly on GitHub.com and also uncovered that nearly 5% of all docker images contain at least one plain text credential. This problem only gets more severe when reviewing how many credentials can be found in private source code which is now a primary (and easy) target for attackers. This presentation breaks down the anatomy of recent breaches to explain how attackers find and exploit this massive problem to break into organizations and how we can prevent it. GitHub is the largest platform for open-source code, more than 80 million developers are active on the platform and tens of millions of public repositories are created every single year. But public code distribution on this scale brings with it a serious security threat, the unwanted exposure of API keys, credentials, and other secrets, a problem known as Secrets Sprawl. These secrets are the crown jewels of our applications and if leaked can grant attackers access to our application’s core infrastructure and data. This includes access to databases, cloud infrastructure and third-party services. The scale of the problem is exposed clearly in the yearly report released by GitGuardian titled “The State of Secrets Sprawl”. The report uncovered over millions secrets exposed in PUBLIC git repositories on GitHub. This presentation is going to present the 2023 State Of Secrets Sprawl report. This new report shows that the total number of secrets being leaked publicly has increased since 2021 and goes into detail about the types of secrets being leaked and core contributing factors for leaked secrets. The presentation will also explore: Recent high profile security breaches and how attackers found and exploited secrets What happens when you leak secrets publicly (We leak a secret live and watch bots try and exploit it) How developers can securely store and share their secrets What to do if you do accidentally leak secrets. #HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. About 1000 visitors are coming from all around the globe every year to learn more about the latest trends of cybersecurity, get inspired by people with similar interest and develop themselves via comprehensive workshops and training sessions. https://www.hacktivity.com #cybersecurity #Exploit

Attacking AI - Jason Haddix - NDC Security 2026

Complete GitHub Actions Course - From BEGINNER to PRO

BlueHat IL 2026 - Gal Bar Nahum - How HTTP/2 Lets Dead Streams Keep Servers Working

Edward Snowden Reveals How They Spy on You

Zero-Click Attacks: AI Agents and the Next Cybersecurity Challenge

Accelerating Corteva’s Data Source Onboarding With Lakeflow

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

How to Detect a Fake Cell Tower Spying on Your Phone (Stingray)

God Says:"THIS IS AN URGENT MESSAGE FOR YOU TODAY."/God Message Now/God Message

Cybersecurity IDR: Incident Detection & Response | Google Cybersecurity Certificate

Something is jamming GPS over Europe. Here's what we found

World's Deadliest Computer Virus: WannaCry

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains

Social Engineer: YOU are Easier to Hack than your Computer

How Your Phone is Tracked in 2026 – And How to Stop It

The Ultimate FastAPI + React Full Stack Project (Deploy This and You’re Set)

CLAUDE CODE MASTERCLASS 4 HOURS: Build & Sell (2026)

Learn Git – Full Course for Beginners

Cybersecurity Expert Answers Hacking History Questions | Tech Support | WIRED

