We're so happy to Open Source TruffleHog V3!

🐷 Under the Hood of TruffleHog! ⚡ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. 🚀 👉

@shannonNullCode We did. Check out this blog for more info:

🚨 Today we are announcing a new Oauth bug that affects millions of accounts TLDR: Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees 👇 full blog 👇👇

Vigilante Justice on GitHub. 🦇🦸 Here's how to spray painting on other fraudster's GitHub Activity Graph.

🚨 10% of SaaS platforms mishandle GitHub OAuth tokens, opening potential backdoors into corporate accounts. 😱 ⚠️ Extends to Azure, Slack & more—increasing risk with poor token handling. 🛑 The issue isn’t OAuth; it’s how platforms secure tokens. 👉

🚨 LLMs are teaching developers to hardcode API keys 🔑 We tested 10 LLMs & most recommend hardcoding credentials, even in tools like VS Code & ChatGPT. ⚠️ The risk? Devs might blindly follow this insecure advice. 🔍 Read the research:

🐷 TruffleHog now decodes APKs to scan for secrets 🚀 💡 Why it matters: 🔍 APKs often leak secrets, but scanning was slow & complex. 🔓 Now it’s fast, efficient, & scalable. 📊 Tested on WhatsApp & Facebook Messenger—up to 16.5x faster! 👉

🚨 Calling all security researchers! Truffle Security’s CFP is open 🎉 💡 Have a project idea? Get $ and be featured on our blog! 🌟Focus: Leaked Secrets | AppSec | IAM | Open-source 👉

🎉 Hacktoberfest 2024 Winners! 🎉 🏆 1st: sahil9001 🥈 2nd: fumblehool, 0x2b3bfa0, rgmz 🚀 15 PRs submitted to boost TruffleHog detectors. 🌟 Big thanks to all contributors! Let’s keep building! 👉

🎃 This Halloween, we're exposing the scariest places your secrets might still be hiding - including GitHub’s ghostly branches, Azure’s dark corners, and Postman's haunted workspaces! 👻 💀Find out 7 spooky spots your secrets leak online:

🔑 Private Key Reuse: It’s everywhere! 🔍 We analyzed 7B+ TLS certs: 10% reuse private keys! 👀 We also reviewed 65M GitHub SSH keys: 2% had key reuse issues! 🔓 Reused keys = attackers can impersonate servers, decrypt data, & hijack sessions. 👉

🐷 TruffleHog automagically Scans Encoded & Archived Data for Secrets! 🔍Detects secrets in encoded formats (Base64, UTF-8) & archived files (.zip, .tar). 🔐Quickly uncover hidden AWS keys and more! 🔗For details & examples:

RT @geeknik: 🚨 Secrets lurk in your code, waiting to be found! 🔍 TruffleHog hunts them down, but remember: ignoring security is like leavin…

🚨 Developers often leak data when open-sourcing on GitHub! 🛠️ 😨🔍Even squashing git history doesn’t hide “dangling” data—it can still be accessed with the SHA-1 hash. 🛑Avoid pitfalls & keep your data secure!🔒 ➡️ Check out our open-sourcing tips:

RT @InsecureNature: I had the privilege of a quick cameo in @_JohnHammond 's recent video, where he covered @trufflesec 's Private and Dele…

RT @InsecureNature: Thanks for sharing our (@trufflesec 's) research! More to come soon, too...

🍁🍂 Hacktoberfest 2024 is here! 🐷 Join Truffle Security's Detector Improvement Competition! 🔹 Fork TruffleHog 🔹 Improve a detector 🔹 Submit your PR 🎁 Prizes: MacBook Air, Timbuk2 Backpack, TruffleHog swag! 🗓️ Oct 1 - Oct 31 👉

🌟 Security researchers, got a groundbreaking idea? 💡 🐷 Truffle Security sponsors 2 projects/month! Accepted proposals receive 💰 and are featured on our blog. 🔑 Focus: Leaked Secrets | AppSec | IAM | Open-source 👉

Huge shoutout to to the speakers giving these talks: @amichaishulman @Cassie_Crossley @francoisproulx @InsecureNature @JoeLeonJr @sandrogauci and Ofir Yakobi & Shir Sadon from @orcasec 2/2