Every penetration tester has had the moment. You are two days into an engagement, sifting through cloned repositories and intercepted HTTP responses, and a hardcoded AWS key appears in a config file that has been sitting in version control for months. Nobody rotated it. Nobody noticed. And when you validate it, the key is still live. Leaked secrets are not a new problem. The tooling for finding them has improved dramatically over the past several years, with mature open-source rule sets covering hundreds of credential patterns across cloud providers, SaaS platforms, CI/CD systems, and payment processors. But most of this…
Noah Tutt
Noah Tutt
Noah Tutt is a Senior Security Engineer at Praetorian specializing in web application assessments, hardware testing, reverse engineering, and secure code review.