Hackers of India

Red Team Credentials Reconnaissance (OLD with a TWIST)

By  Shantanu Khandelwal  on 07 Aug 2021 @ Defcon : Adversary Village : DemoLabs

This Tool Demo covers following tools where the speaker has contributed or authored
GITHUB-CREDENTIALS-STROLLER

Presentation Material

Abstract

This talk covers the basics of credentials reconnaissance performed for a red team. Mostly covers the reconnaissance performed on GitHub to search for leaked passwords by developers. The current toolset and the Shiny new GitHub Credentials Stroller which dives into each repository and performs a deep scan.