BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.pass-the-salt.org//pts2025//talk//PKWQUD BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-pts2025-PKWQUD@cfp.pass-the-salt.org DTSTART;TZID=CET:20250703T140000 DTEND;TZID=CET:20250703T142000 DESCRIPTION:Publicly accessible registries and repositories are often assoc iated with well-known SaaS platforms such as GitHub or DockerHub. However\ , a significant number of individuals and companies rely on self-hosted so lutions like GitLab or Harbor for managing their code and container images . Surprisingly\, many of these self-hosted instances are inadvertently exp osed\, granting unauthenticated access to repositories and container image s.\n\nThis talk will explore methods for discovering publicly accessible s elf-hosted registries using techniques such as Certificate Transparency (C T) logs and Shodan scanning. We will discuss how to retrieve repository co ntents and container images from these sources\, subsequently performing s ecrets scanning to assess the extent of exposure and raise awareness of po tential security risks.\n\nFrom a tooling perspective\, our investigation reveals a critical gap: most scanning tools fail to retrieve images from r egistries that are only available via plain HTTP. We will take this opport unity to discuss the registry API\, and demonstrate approaches for interac ting with it.\n\nThrough real-world examples and hands-on insights\, this talk aims to shed light on the current state of public registry exposure\, providing actionable recommendations for improving security posture. DTSTAMP:20260512T155139Z LOCATION:Amphitheater 122 SUMMARY:Secrets at Sea: Hunting Exposed Code & Container Registries - Guill aume Valadon\, Gaetan Ferry (Security research\, GitGuardian) URL:https://cfp.pass-the-salt.org/pts2025/talk/PKWQUD/ END:VEVENT END:VCALENDAR