How I made $64k from deleted files — a bug bounty story
TL;DR — I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I…
Hasnain says:
Neat little tricks here. Secret management is hard.
"Most of the leaked secrets were found in binary files that had been committed to the repository and later deleted. These files are typically generated by compilers or automated processes. A common example is .pyc files, which are Python byte-code files created when some Python interpreters compile source code. These often end up being committed unintentionally. Other examples include compiler-generated debug files, such as .pdb files, which are also occasionally committed by mistake."
Posted on 2025-04-23T04:15:07+0000
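
An added example (not part of the post or the linked article): one way to audit your own repository for the pattern the quote describes, compiled artifacts such as `.pyc` or `.pdb` files that were committed and later deleted. The function names, the suffix list and the sample log are assumptions made for this sketch; the `git log` options used are standard ones.

```python
import subprocess
from pathlib import PurePosixPath

# Artifact types named in the quoted passage (assumed list; extend as needed).
ARTIFACT_SUFFIXES = {".pyc", ".pdb"}

GIT_LOG = ["log", "--all", "--reverse", "--no-renames", "--diff-filter=AD",
           "--name-status", "--format=commit %H"]

def deleted_artifacts(log_text):
    """Map each artifact path that was added and later deleted to
    (commit that added it, commit that deleted it)."""
    added, findings, commit = {}, {}, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
            continue
        parts = line.split("\t")
        if len(parts) < 2:          # blank separator lines
            continue
        status, path = parts[0], parts[-1]
        if PurePosixPath(path).suffix.lower() not in ARTIFACT_SUFFIXES:
            continue
        if status == "A":
            added[path] = commit
            findings.pop(path, None)  # re-added later, so not currently deleted
        elif status == "D":
            findings[path] = (added.get(path), commit)
    return findings

def scan_repo(repo_dir="."):
    """Run the audit against a local clone (requires git on PATH)."""
    out = subprocess.run(["git", "-C", repo_dir, *GIT_LOG], check=True,
                         capture_output=True, text=True).stdout
    return deleted_artifacts(out)

# Constructed sample of the log format above, oldest commit first.
SAMPLE_LOG = (
    "commit 1111111\n\nA\tapp/config.py\n"
    "A\tapp/__pycache__/config.cpython-311.pyc\n"
    "commit 2222222\n\nA\tbuild/Service.pdb\n"
    "commit 3333333\n\nD\tapp/__pycache__/config.cpython-311.pyc\n"
    "commit 4444444\n\nD\tapp/config.py\n"
)

if __name__ == "__main__":
    for path, (add, rm) in deleted_artifacts(SAMPLE_LOG).items():
        print(f"{path}: added in {add}, deleted in {rm}, still in history")
```

A hit means the file's contents remain retrievable from history even though the working tree no longer shows it, so any credential compiled into it should be rotated rather than assumed gone.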