Github, Bitbucket, Pastebin what do they all have in common? Your developers are using them as a personal dumping ground for all things awesome. From code, to credentials, to api keys let’s take a look at some of the venerable gold that your attackers can find with just some simple Google Fu(tm) and a bit of regex fun. We’ll take a trip into a years worth of research uncovering everything from Corporate Admin credentials to complete firmware tool chains for unreleased products. Your developers want to be “agile” they want to share, and collaborate — and you need to be watching what tools they choose to do that with.
