Comment by morpheuskafka

10 hours ago

The repo name was literally "Private-CISA". Would be fun to (a) search through repo names with private/internal/etc in them and (b) search for govt agency / non-tech company that otherwise wouldn't be expected to appear in repo names. Could probably clone them all and then have an LLM quickly scan for interesting stuff.

Also, doesn't GitHub have its own automated scanner for something as basic as an AWS credential?

> Also, doesn't GitHub have its own automated scanner for something as basic as an AWS credential?

If you leave it turned on. TFA says this user had turned it off.

  • I bet the scanner went off quite a few times and the guy disabled it...

    "I turned off the carbon monoxide detector because it kept beeping, now I can finally get some sleep"