BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2026//3UH9JE
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-3GZ393@cfp.nsec.io
DTSTART;TZID=EST:20260514T103000
DTEND;TZID=EST:20260514T110000
DESCRIPTION:Private key leaks represent a critical security vulnerability\,
  with over 600\,000 leaked keys on GitHub in 2024\, yet their real-world i
 mpact remains largely unknown due to the challenge of linking these mathem
 atical objects to their operational usage. We present the first systematic
  analysis mapping leaked private keys to active certificates\, combining G
 itGuardian's dataset of 945\,560 unique leaked private keys with Google's 
 historical Certificate Transparency databases. Our methodology successfull
 y mapped 42\,690 private keys to 139\,767 certificates\, revealing the imp
 act of private keys leaked on GitHub and DockerHub. Using custom online an
 d offline validation\, we identified 2\,622 valid certificates\, enabling 
 website impersonation and MITM attacks. Our analysis reveals systematic fa
 ilures in certificate revocation practices\, with only 80 certificates rev
 oked via CRL/OCSP and just 3 properly marked as key-compromised. Finally\,
  we successfully attributed certificates to 600 organizations across criti
 cal industries\, though many could not be mapped to identifiable owners. W
 ith 20% of valid certificates having been exposed for over two years\, our
  large-scale responsible disclosure campaign sent thousands of emails and 
 revealed significant challenges in reaching certificate owners.
DTSTAMP:20260507T204434Z
LOCATION:Ville-Marie
SUMMARY:Private Key Leaks in the Wild: Insights from Certificate Transparen
 cy - Guillaume Valadon\, Gaetan
URL:https://cfp.nsec.io/2026/talk/3GZ393/
END:VEVENT
END:VCALENDAR