Eight types of dangerous NHI credentials. One framework to find, classify, and eliminate them all. The complete NHI Kill Chain series summary with Cyber Kill Chain and MITRE ATT&CK mapping.
Full writeup of the AITU CTF Final (April 25-26, 2026), a HackCity-format competition. We walk through exploiting DMZ hosts via XXE, SSTI, and SQLi, pivoting into the DEV segment through AD lateral movement, escaping a privileged Docker container via cgroup abuse, and breaching a healthcare system through JWT JKU header injection.
A new CISO ordered a full NHI audit. The result: 3,400 active credentials, 60% with no identifiable owner. Can't revoke them, can't rotate them, can't assign responsibility.
A PostgreSQL master password drifted across seven platform types — from Secrets Manager to GitHub, Jenkins, Docker Hub, Jira, Confluence, and Slack. Each security tool saw its own silo. None saw the full picture.
Secret scanning alert: Resolved. Credential status: Active. Deleting a secret from code is not the same as revoking it. Inside the Zombie Key kill chain.
A single Stripe API key was copied to 14 locations over three years. When a QA repo went public, the key was exposed — and revoking it meant breaking 14 services simultaneously.
A single AWS key, never rotated for 3 years, spread across 7 systems. When a supply chain attack hit a Terraform CI plugin, the key gave attackers full infrastructure access. Inside the Aged Key kill chain and how to defend against long-lived credentials.
A single production outage left credentials in six non-code platforms — Slack, Jira, Confluence, Sentry, Datadog, and PagerDuty. Your secret scanner found none of them. Inside the Shadow Key kill chain.
A departed developer's AWS key stayed active for 92 days. When an infostealer hit their personal laptop, the key was sold on the dark web. Inside the Ghost Key kill chain and how to defend against orphaned credentials.
Aqua Security's Trivy was compromised by TeamPCP, cascading into LiteLLM. A 7-phase Cyber Kill Chain and MITRE ATT&CK analysis of how incomplete credential rotation turned a single breach into a five-ecosystem catastrophe.
Complete guide to git secret scanning tools. Compare TruffleHog, GitGuardian, GitHub Advanced Security, and Cremit. Learn implementation strategies with real CI/CD examples
Stop Secrets Sprawl: Shifting Left for Effective Secret Detection
DevSecOps: Why start with Cremit