I Found Your Github Secrets

  51,631 views

John Hammond

1 day ago

Comments: 86
@devKazuto 1 year ago
That's why it's a good idea to squash your pull/merge requests. As long as a secret is not merged in a branch the history of adding and removing a secret will be lost.
@qwltr 1 year ago
Found this channel recently - extremely good content, keep going.
@bakaryk2435 1 year ago
Thanks for sharing John! Especially the first method with bash
@angryyardie1284 1 year ago
Another way this could be done, in particular with repositories with larger numbers of commits is to make use of git bisect. Using git bisect, you can binary search your way to find the commit that you're looking for by setting the start to the first commit and the end as the HEAD. With that, you can create a script that returns say 1 when no secret is found and 0 when it is found and terminate your search the first time your script returns 0
@AUBCodeII 1 year ago
binary search > sequential search
@inx1819 1 year ago
9:40 I'm curious, is there any vulnerability here or is it just a random piece of code?
@alexandrucomanescu9857 1 year ago
Same.
@dom1310df 1 year ago
FYI PyPI is pronounced pie-pee-eye, to avoid confusion with PyPy (the JIT version of Python)
@jpineda79 1 year ago
hi John, make a setup tutorial for Kali Purple please and your thoughts of it.
@energy-tunes 1 year ago
Please more of this
@vipuldawar88 1 year ago
How do you fix the git history in such cases? What are the steps to prevent such attacks?
@vipuldawar88 1 year ago
@Arnav Vijaywargiya who does that? That’s insane
@nordgaren2358 1 year ago
Maybe when you are merging the commit with sensitive info, you can squash the commit with others to be a single commit?
@logiciananimal 1 year ago
@Arnav Vijaywargiya That's sadly often correct.
@davidt01 1 year ago
Rotate the token if possible.
@dack42 1 year ago
You can modify the history with tools like "git filter-repo" or BFG repo cleaner.
@nav34d 1 year ago
Do you like it thicc or do you like it drip
@thebush6077 1 year ago
Thicc
@laneprokopp9746 1 year ago
The kind you drink
@declanmcardle 1 year ago
@13:27 grep -Ev 'pattern1|pattern2' instead of grep -v | grep -v | grep -v ...
@ejonesss 1 year ago
Couldn't you just download all the commits as separate text files and do a search for the string on all the files?
@dotconnector3889 1 year ago
Awesome!
@tyrojames9937 1 year ago
NICE.
@RealCyberCrime 1 year ago
I’m thinking about making a similar video on how hackers leverage GitHub!
@nordgaren2358 1 year ago
You post this on every video... o.0
@FreshRex 1 year ago
Do it, I will sub now
@MelroyvandenBerg 1 year ago
great!
@serkhetreo2489 1 year ago
true
@DarkFaken 1 year ago
Love you ❤️
@davidmckee533 1 year ago
BAD John Hammond Bad
@v.s.spavanakasinadhasarmaswaya 1 year ago
pico CTF event has been started, any suggestions please
@ХалидДрис 1 year ago
this is considered easter egg ? XD
@Vvengance 1 year ago
Are you Red?
@arnoeagleeyes 1 year ago
Wow, I am learning so much stuff from this series that I can use in my daily work as a programmer. Thank you for that.
@CybersFutures 1 year ago
Hacking tools video please to showcase some cool hacking tools
@MrHasooooni 1 year ago
Your channel is just an awesome learning journey by itself man, keep up the good work, much love
@tbrew5265 1 year ago
🤝 firm handshakes, John. I appreciate your guidance and wisdom.
@rajeshsagar3912 1 year ago
great explanation, thank you
@LostInTheRush 1 year ago
Hey John. I really like your content, so don't take this the wrong way. I've been wondering why I regularly have trouble focusing throughout your videos, and I think I've come to the conclusion that it's because you speak very "loudly" (not in amplitude obviously, but in articulation), which when listening for longer periods of time, can become quite mentally tiring. A bit like being yelled at for 17 minutes. Not sure if it's just my neurodivergent ass, but I thought I'd mention it. I mean, I assume you compress the audio as well to increase loudness, and if people need it louder, they can just increase the volume. I am 100% sure people will still find your videos interesting and engaging with a little less power on the speak. Keep up the great work though!
@secinject814 1 year ago
I can see what you mean, he does speak quite loudly, and quite fast as well. Even for a native speaker like me it definitely takes me focus to not only process everything he is saying but just keep up. But I'd take that over mumbling, quiet channels who speak at a snail's pace. *And really, we as viewers have the power to control our volume, and our viewing speed as well*. So honestly I'd rather him just feel comfortable explaining topics at his own pace, and in his own style. We should be happy to have him at all. The guy is a goldmine of amazing teaching, instruction and enthusiasm. A real breath of fresh air amongst all those god-forsaken cursed videos... the ones with loud and terrible trance/electronic music, no narration to describe what's going on, and any information needed to be given out is literally typed out on notepad, like what in the actual f**k.. I despise those videos, they really boil my blood lol. So John will always be in my top 10 of cyber-sec teachers in my book. He's intelligent, highly experienced and certified, enthusiastic to teach others, and puts great effort into making his videos well-made and informative. So hats off to John, much, much love to ya.
@AUBCodeII 1 year ago
He speaks like a sigma male
@antonpetrov145 1 year ago
I am curious what can you do with the pypi password?
@dustinhxc 1 year ago
That was amazing! I was curious how to do the GIT bug bounties. Obviously won’t find anything, but good to see in action. Thank you!
@mr.unforgettable 1 year ago
Hey John, very recently I have seen a new method of KZbin scam for cracked software which involves AI. Perhaps you should investigate this whether it is using the same info stealer malware or whether it is some mutated or new type. I was made aware of this by a muthahar which dropped today.
@Stopinvadingmyhardware 1 year ago
I would have told you that there's nothing in there, you didn't have to steal access.
@illusionsingh 1 year ago
Oscp changes 2023 I want new video
@debrabest5035 1 year ago
THANK YOU SO MUCH!!!!!!! INTERESTING, AND INFORMATIVE!!!!!!! AGAIN, THANK YOU, AND, BE BLESSED❤️🙏
@kevinalexander4959 1 year ago
stop yelling, it's too early
@debrabest5035 1 year ago
I'M NOT YELLING SIR I HAVE BAD VISION, SO TYPING IN UPPERCASE, IS EASIER FOR ME TO SEE!!!!!!!! HOWEVER, BEING THAT THIS TROUBLES YOU, I WILL NOT REPLY, NOR VIEW YOUR VIDEOS AGAIN!!!!!!! BE BLESSED❤️🙏
@nordgaren2358 1 year ago
@@debrabest5035 That wasn't John who replied to you, it was just a random user. No need to boycott John's videos because of a random user!
@kevinalexander4959 1 year ago
@@nordgaren2358 lmao
@kevinalexander4959 1 year ago
@@debrabest5035 wow for not being able to see well without CAPS LOCKKKKK you sure have no issues clicking small emoticons.
@Hackanhacker 1 year ago
HOW REFRESHING TO NOT HAVE A COMMON SPONSOR THAT DOESN'T FIT THE CHANNEL WOW LOL
@tigreonice2339 1 year ago
So... how to prevent that? 😅 Omg 😮
@bronxandbrenx 1 year ago
Thank you master John
@Naath000 1 year ago
loved all your videos
@axer552 1 year ago
Hello
@martinmiosga9517 1 year ago
Hello, what do I do if I forgot the password to Kali?
@TCKRDefense 1 year ago
use a password manager. or take a screenshot of the password and save it in a cloud .
@AcezeroGame 1 year ago
404th viewer, very lucky day for me😊
@vladventura1928 1 year ago
Really? I couldn't find you 🤔🤣
@UncleReals 1 year ago
thanks for ruining this now I won't be making money anymore
@CZghost 1 year ago
Isn't it a reupload?
@zdzisawdyrma3319 1 year ago
:)
@thebush6077 1 year ago
3 min gang
@fqoffgoogleurcr33py 1 year ago
So many ads
@DS6Prophet 1 year ago
Use adblocker! I only turn it off for specific KZbinrs, so they get to make their earnings. Not for everyone though.
@declanmcardle 1 year ago
@8:20 export PAGER=none
@tollsimyfpv 1 year ago
BFG-repo-cleaner can be used to remove secrets from a git repo