8. 1. WHY DEVELOPERS?
• Technical people but usually not security savvy
– Influencers
– Access to information & systems
– Common habits we can exploit:
• Science Fiction
• Anime
• Porn
• Beer
9. 1. METHODOLOGY
1. Identify source code repo
   1. Organization
   2. Individuals
2. Search for OSINT patterns in code
3. Go to Social Networks
17. 2. GITROB I
• Reconnaissance tool for GitHub organizations
• Search for sensitive information in repos:
– Credentials
– Private keys
• https://github.com/michenriksen/gitrob
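
The slide above names credentials and private keys as what gets found in repos. As an added example (not Gitrob's code and not part of the original deck), here is a small Python check a team could run over its own checkout before pushing; the rule names, patterns and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed, deliberately small rule set; names and patterns are illustrative.
FILENAME_RULES = {
    "ssh private key file": re.compile(r"^id_(rsa|dsa|ecdsa|ed25519)$"),
    "environment file": re.compile(r"^\.env(\..+)?$"),
}
CONTENT_RULES = {
    "PEM private key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded password": re.compile(
        r"(?i)(?:password|passwd|secret)\w*\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
}

def scan_tree(root):
    """Return sorted (relative_path, rule_name) findings under root."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip object store
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", errors="ignore") as fh:
                text = fh.read()
            findings.update((rel, r) for r, rx in FILENAME_RULES.items() if rx.search(name))
            findings.update((rel, r) for r, rx in CONTENT_RULES.items() if rx.search(text))
    return sorted(findings)

def demo():
    """Build a constructed sample checkout in a temp dir and scan it."""
    sample = {
        "README.md": "nothing sensitive here\n",
        "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
        "config/settings.py": 'DB_PASSWORD = "constructed-value"\n',
        ".env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(*("%s: %s" % f for f in demo()), sep="\n")
```

Anything this flags in a repository that was ever pushed should be treated as exposed and rotated, since removing the file in a later commit leaves it in history.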