Thoughts, research, reports, and more from Truffle Security Co.
Joe Leon
Oct 31, 2024
7 Spooky Places Your Secrets Leak Online
Dylan Ayrey & Joe Leon
Oct 24, 2024
10% of TLS Certificates Reuse Private Keys
Joe Leon
Oct 18, 2024
Secret Scanning Encoded and Archived Data
Joe Leon
Oct 10, 2024
Securely Open-Sourcing on GitHub
Zach Rice
Oct 1, 2024
Hacktoberfest 2024: Detector Improvement Competition at Truffle Security!
Joe Leon
Sep 27, 2024
Announcing Truffle Security’s CFP
Joe Leon
Sep 19, 2024
8 Must-See Talks at OWASP 2024 Global AppSec
Joe Leon
Sep 12, 2024
You can Access Private Azure DevOps Repo Data
Joe Leon
Sep 4, 2024
TruffleHog Partners With Hugging Face to Scan for Secrets
Joe Leon
Aug 23, 2024
Why TruffleHog Analyze is a Game-Changer for Security Teams
Dustin Decker
Aug 16, 2024
Contributor Spotlight: Karan Bamal
Dylan Ayrey & The Analyze Team
Aug 7, 2024
TruffleHog Now Analyzes Permissions Of API Keys and Passwords
Joe Leon
Aug 2, 2024
TruffleHog now finds all Deleted & Private Commits on GitHub
Joe Leon
Jul 24, 2024
Anyone can Access Deleted and Private Repository Data on GitHub
Dylan Ayrey & Zach Rice
Jul 19, 2024
Secrets in Source Code Are Not A Code Security Problem
Haoxi Tan
Jul 10, 2024
Leaked Secrets in Public Jenkins Logs
Dylan Ayrey & Joe Leon
Jul 3, 2024
TruffleHog Scans Deleted Git Branches
Joe Leon
Jun 27, 2024
TruffleHog Now Scans Jenkins Logs
Charlie Gunyon
Jun 17, 2024
TruffleHog Partnering With Elastic to Scan for Secrets
Dylan Ayrey
Jun 7, 2024
11,000+ GitHub users' SSH keys are too weak
Joe Leon
May 29, 2024
Credentials Leaking with Subdomain Takeover
Dylan Ayrey
May 17, 2024
Stop Recommending JWTs (with symmetric keys)
Joe Leon and Dylan Ayrey
May 9, 2024
Bug Bounty Hunting Leaked Credentials
Joe Leon
May 2, 2024
Scan Postman for Secrets with TruffleHog
Joe Leon
Apr 25, 2024
(The) Postman Carries Lots of Secrets
Joe Leon
Apr 12, 2024
Do Secrets Leak on Public GitHub Gists in 2024?
Joe Leon
Apr 4, 2024
Scan Every Tag and Architecture of a Docker Image for Secrets
Sam Chan
Mar 20, 2024
How to Scan Jira for Secrets
Dylan Ayrey
Mar 14, 2024
The Keyboard Button that Displays Linux Root Memory
Dylan Ayrey
Mar 6, 2024
Contributor Spotlight: Helena Rosenzweig and Assetnote team
Joe Leon
Feb 27, 2024
How TruffleHog Verifies Secrets
Dylan Ayrey
Feb 21, 2024
TruffleHog Now Detects AWS Canaries without setting them off
Haoxi Tan
Feb 14, 2024
How to Scan S3 Buckets for Secrets
Haoxi Tan
Feb 7, 2024
How to Scan Azure Blobs for Secrets in 2024
Haoxi Tan
Jan 31, 2024
Scanning Git for Secrets: The 2024 Comprehensive Guide
Haoxi Tan
Jan 25, 2024
The Risks of a Leaked Stripe API Key
Joe Leon
Jan 17, 2024
Introducing whoamislack: Identify Slack Workspace Names from Webhook URLs
Joe Leon
Jan 10, 2024
74% of publicly leaked keys are never revoked
Joe Leon
Jan 4, 2024
Research Uncovers AWS Account Numbers Hidden in Access Keys
Dylan Ayrey
Dec 15, 2023
Google OAuth is Broken (Sort Of)
Haoxi Tan
Dec 13, 2023
Why did 1 GitHub Repo leak 5,000 Live GCP Keys?
Joe Leon
Dec 4, 2023
Running TruffleHog in Travis CI
Zach Rice
Nov 28, 2023
Improving TruffleHog Part I: Adding a New Detector
Zach Rice
Nov 22, 2023
Announcing the TruffleHog Hacktoberfest 2023 Winners!
Joe Leon
Nov 15, 2023
Tailscale + Truffle: A Blueprint for Open Source TruffleHog Contributions
Karim Rahal
Oct 25, 2023
Mirror, Mirror, on the Wall, Secrets Leaked from Repos All
Zach Rice
Oct 19, 2023
Contributor Spotlight: Richard Gomez
Zach Rice
Oct 6, 2023
TruffleHog Detector Competition at Hacktoberfest 2023!
Joe Leon
Sep 27, 2023
Think Twice Before Commenting: Thousands of GitHub Comments Leak Live API Keys
Joe Leon
Sep 18, 2023
How to Rotate: Key Rotation Tutorials
Joe Leon
Sep 11, 2023
How Secrets Leak out of Docker Images
Joe Leon
Sep 5, 2023
4,500 of the Top 1 Million Websites Leaked Source Code, Secrets
Miccah Castorina
Aug 30, 2023
Do Pre-Commit Hooks Prevent Secrets Leakage?
Joe Leon
Aug 22, 2023
Running TruffleHog in Azure Pipelines
Joe Leon
Aug 15, 2023
TruffleHog Commands: Git vs Filesystem
Karim Rahal
Nov 8, 2023
Does Travis CI leak secrets in 2023?
Hon Kwok
Aug 9, 2023
Announcing TruffleHog Terminal UI
Dylan Ayrey
Aug 3, 2023
Discovering a Vulnerability in Forager AuthZ, Hours before Public Launch
Joe Leon
Aug 3, 2023
Deleting leaked API keys isn’t a solution
Karim Rahal
Jul 28, 2023
How Secrets Leak in CI/CD Pipelines
Hon Kwok
Jul 17, 2023
Introducing Forager: Browse Millions of Leaked API keys Found With TruffleHog
Mike Vanbuskirk
May 18, 2023
Running TruffleHog in a GitHub action
Zach Rice
Apr 17, 2023
Making TruffleHog Faster with Aho Corasick
Dustin Decker
Feb 22, 2023
Secure Credential Storage in 2023
Dylan Ayrey
Jan 30, 2023
Introducing: A New XSSHunter, Hosted by the Truffle Security Co.
Dustin Decker
Jan 17, 2023
Introducing cloudsql-exporter, a New Way to Protect Cloud SQL Data
Dylan Ayrey
Jan 6, 2023
TruffleHog Now Scans CircleCI Build Logs
Chris Grayson
Jan 3, 2023
Bypass firewalls with of-CORs and typo-squatting
Dylan Ayrey
Nov 20, 2022
Email Graffiti: Hacking Old Email
Dylan Ayrey
Jul 7, 2022
It’s Impossible to Find Every Vulnerability, So We Don’t Try To
Dylan Ayrey
Apr 4, 2022
Introducing TruffleHog v3
Dylan Ayrey
Feb 9, 2022
Introducing Driftwood: Know if Private Keys are Sensitive
Dylan Ayrey
Jan 9, 2022
The Breach They Kept Secret
Dylan Ayrey
Dec 8, 2021
Truffle Security raises $14 million Series A led by a16z
Dylan Ayrey
Sep 19, 2021
Introducing TruffleHog, The Chrome Extension
Dylan Ayrey
Aug 30, 2021
Why Isn’t XSS Used More in the Wild?
Dylan Ayrey
Aug 23, 2021
A Leaky Key That Led to Jail Time
Dylan Ayrey
Aug 16, 2021
Uber’s Wild Story of Leaky Keys
Dylan Ayrey
Aug 9, 2021
Leaked Code Leads to Leaked Keys
Dylan Ayrey
Aug 4, 2021
Remediating TruffleHog Findings with Doppler
Guest User
Aug 3, 2021
An API Worm In The Making: Thousands Of Secrets Found In Open S3 Buckets