Leakage of secrets, such as passwords, API keys, and tokens, poses a significant cybersecurity risk to organizations. Leaked secrets can be used to get a foothold into an organization’s network and lead to both persistence and breaches via island hopping and escalation of privileges. Current tools for detecting these secrets are often based on regexes, which result in a large volume of detections often with a high incidence of false positives.
During this presentation, I will introduce the open-source version of xGitGuard, which is a machine learning-based scanner designed to enhance upon regex-based solutions with minimal false positives. I will discuss the functionality of xGitGuard, the features we have released as open-source, and our future plans. Additionally, I will take this opportunity to promote and seek potential collaborators.