It's raining creds - crawling DockerHub for leaked secrets at scale

Aliz Hammond

It is common knowledge among red teamers that private Docker container registries are often filled to the brim with interesting secrets. We wondered just how many secrets we could find if we took a good look at the publicly accessible containers on the DockerHub site, and so built a system capable of crawling these images, extracting files, archiving them, and finally scanning them for interesting secrets. In total, we downloaded over 20,000 containers and found credentials for everything imaginable - Terraform, AWS, even cryptowallets were in our haul of over a million secrets. In this talk, I'll speak about how we managed to scale the system to this extent, and what problems we encountered, before giving a taste of the things we found.
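To make the crawl/extract/scan pipeline in the abstract concrete, here is a small Python illustration. It is an added example, not the speaker's tooling: the Docker Hub token and manifest endpoints are the standard Registry HTTP API v2 ones, but the secret patterns are a deliberately small sample, the 5 MiB per-file cap, the "first platform of a multi-arch index" choice and the `_DropAuthOnRedirect` helper are this example's own assumptions, and the sample layer is constructed in memory (using AWS's published example credentials and a placeholder key block) so the scanning half runs offline.

```python
"""Crawl -> extract -> scan, in miniature. Added illustration, not the talk's code."""
import io
import json
import re
import tarfile
import urllib.request

REGISTRY = "https://registry-1.docker.io"
AUTH = "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{repo}:pull"

# A few credential shapes (assumption: real scanners carry hundreds). Where a
# capture group exists it is the secret itself.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api_key)\b\s*[=:]\s*[\"']([^\"']{8,})[\"']"),
}


def full_repo(repo: str) -> str:
    """Official images live under the implicit 'library/' namespace."""
    return repo if "/" in repo else f"library/{repo}"


def registry_urls(repo: str, tag: str = "latest") -> tuple[str, str]:
    """Anonymous pull-token URL and manifest URL for repo:tag."""
    name = full_repo(repo)
    return AUTH.format(repo=name), f"{REGISTRY}/v2/{name}/manifests/{tag}"


def scan_text(path: str, text: str) -> list[tuple[str, str, str]]:
    hits = []
    for label, pat in PATTERNS.items():
        for m in pat.finditer(text):
            hits.append((path, label, m.group(1) if m.groups() else m.group(0)))
    return hits


def scan_layer(layer: bytes, max_size: int = 5 * 1024 * 1024) -> list[tuple[str, str, str]]:
    """Walk one layer tarball (plain or gzip) and scan every regular file.
    Whiteouts (.wh.*) mark deletions and carry no content; the size cap is an
    arbitrary choice to keep a large crawl cheap."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r:*") as tar:
        for member in tar:
            base = member.name.rsplit("/", 1)[-1]
            if not member.isfile() or base.startswith(".wh.") or member.size > max_size:
                continue
            fh = tar.extractfile(member)
            if fh is not None:
                findings.extend(scan_text(member.name, fh.read().decode("utf-8", "replace")))
    return findings


def build_sample_layer() -> bytes:
    """Constructed layer for offline use: AWS's documented example credentials,
    a Terraform file with an inline password, and a placeholder key block."""
    files = {
        "root/.aws/credentials": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                                 "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
        "app/main.tf": 'resource "aws_db_instance" "db" {\n  username = "admin"\n'
                       '  password = "Sup3rS3cretPassw0rd!"\n}\n',
        "root/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA(placeholder)\n"
                            "-----END OPENSSH PRIVATE KEY-----\n",
        "app/README.md": "Build with `docker build .` and run on port 8080.\n",
        "app/.wh.old.env": "",  # whiteout: the file was deleted in this layer
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


class _DropAuthOnRedirect(urllib.request.HTTPRedirectHandler):
    """Blob GETs redirect to a pre-signed CDN URL; don't forward the registry token there."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None:
            new.remove_header("Authorization")
        return new


def fetch_layers(repo: str, tag: str = "latest"):
    """Online step: yield each layer blob of repo:tag from Docker Hub."""
    opener = urllib.request.build_opener(_DropAuthOnRedirect)
    token_url, manifest_url = registry_urls(repo, tag)
    token = json.load(opener.open(token_url))["token"]
    hdrs = {"Authorization": f"Bearer {token}",
            "Accept": ", ".join(["application/vnd.docker.distribution.manifest.v2+json",
                                 "application/vnd.docker.distribution.manifest.list.v2+json",
                                 "application/vnd.oci.image.manifest.v1+json",
                                 "application/vnd.oci.image.index.v1+json"])}

    def get(url):
        return opener.open(urllib.request.Request(url, headers=hdrs))

    manifest = json.load(get(manifest_url))
    if "manifests" in manifest:  # multi-arch index: simplification, take the first platform
        digest = manifest["manifests"][0]["digest"]
        manifest = json.load(get(manifest_url.rsplit("/", 1)[0] + "/" + digest))
    for layer in manifest["layers"]:
        yield get(f"{REGISTRY}/v2/{full_repo(repo)}/blobs/{layer['digest']}").read()


if __name__ == "__main__":
    for path, label, secret in scan_layer(build_sample_layer()):
        print(f"{path}: {label} -> {secret[:12]}...")
```

Running the module scans the constructed layer and reports four hits (the two AWS values, the Terraform password and the key block) while ignoring the README and the whiteout entry; swapping `build_sample_layer()` for `fetch_layers("alpine")` runs the same scanner over a real image's layers, which is the shape of the pipeline the talk scales up.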

Speaker's Bio

Aliz is a seasoned hacker who has been breaking binaries for many years, usually on Windows and often in kernel mode. Speaking frequently here in sunny Singapore, they are a deep believer in the power of community and knowledge sharing, preferring roles that permit them to speak openly about their research. Recently, their journey into hax has taken them away from their usual binary playground into the landscape of web technologies and scaled-up problems, where they are finding their background yields an advantage over those who can only see things at the higher layers. Currently working at watchTowr as a full-time researcher, they are enjoying their quest to find as many bugs as possible before the baddies do, and to help secure the planet by being the first to hack it!