TL;DR — I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I restored deleted files, found dangling blobs and unpacked .pack files to search in them for exposed API keys, tokens, and credentials. Ended up reporting a bunch of leaks and pulled in around $64k from bug bounties 🔥.OutlineBackgroundGit internalsCollecting TargetsBuilding the AutomationFindings & PaymentsSummaryBackgroundMy name is Sharon Brizinov, and while ...