Become an AI & ML Engineer with Cal Poly EPaCE — IBM-Certified Training
You’re only 3 weeks away from a new language
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a critical security vulnerability in modern version control systems through this 27-minute conference talk that reveals how dangling commits across GitHub, GitLab, and Bitbucket expose sensitive information at an alarming scale. Discover systematic techniques for identifying and enumerating orphaned commits that persist in repository history even after developers believe they've removed sensitive data through resets, modifications, or deletions. Learn about the engineering methodology behind large-scale analysis of Git platforms that uncovered widespread exposure of API keys, credentials, and proprietary configurations hidden within these repository remnants. Understand the challenges encountered during at-scale vulnerability research and gain insights into the technical approaches used to systematically extract sensitive information from dangling commits across major development platforms. Master practical solutions and repository hygiene best practices to prevent such exposures, ensuring comprehensive security coverage for both visible code and hidden repository remnants that pose silent but significant risks to organizational security.
Syllabus
Nullcon Goa 2025 | Large-Scale Exposure Of Orphaned Commits On Major Git Platforms by Kumar Ashwin
Taught by
nullcon