BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2026//speaker//7G3XZA
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2026-MVPRCH@cfp.pass-the-salt.org
DTSTART;TZID=CET:20260702T100500
DTEND;TZID=CET:20260702T104000
DESCRIPTION:Private key leaks represent a critical security vulnerability\,
  with over 400\,000 leaked keys on GitHub in 2025\, yet their real-world i
 mpact remains largely unknown due to the challenge of linking these mathem
 atical objects to their operational usage.\n\nWe present the first systema
 tic analysis mapping leaked private keys to active certificates\, combinin
 g GitGuardian's dataset of 945\,560 unique leaked private keys with Google
 's historical Certificate Transparency databases. In September 2025\, our 
 methodology successfully mapped 42\,690 private keys to 139\,767 certifica
 tes\, revealing the impact of private keys leaked on GitHub and DockerHub.
  Using custom online and offline validation\, we identified 2\,622 valid c
 ertificates\, enabling website impersonation and MITM attacks.\n\nOur anal
 ysis reveals systematic failures in certificate revocation practices\, wit
 h only 80 certificates revoked via CRL/OCSP and just 3 properly marked as 
 key-compromised. We attributed certificates to 600 organizations across cr
 itical industries\, though many could not be mapped to identifiable owners
 . With 20% of valid certificates having been exposed for over two years\, 
 our large-scale responsible disclosure campaign sent thousands of emails a
 nd revealed significant challenges in reaching certificate owners. \n\nBut
  this research didn't happen in a vacuum. A discussion at Pass the Salt in
  2025 sparked a research collaboration between GitGuardian and Google that
  made it possible. This talk tells that story. We'll walk through the meth
 odology: from what seemed impossible in 2025\, to leveraging Google's CT d
 ata\, to today's Static CT logs.\n\nIn one year\, the TLS ecosystem evolve
 d to make duplicating this research possible. Classic CT logs are being re
 placed by static CT\, which simplifies both log operations and certificate
  retrieval. Moreover\, Certificate Transparency Log Archive is now availab
 le on archive.org. Together\, these changes let any researcher replicate o
 ur results in 2026.
DTSTAMP:20260514T104452Z
LOCATION:Amphitheater 122
SUMMARY:Private Key Leaks in the Wild: from PTS to RWC\, and back to PTS - 
 Guillaume Valadon\, Gaetan Ferry (Security research\, GitGuardian)
URL:https://cfp.pass-the-salt.org/pts2026/talk/MVPRCH/
END:VEVENT
END:VCALENDAR