
> but how would it be done do you think?

That's what I'm trying to figure out. Open wifi or not, your private ssh key shouldn't leave your pc when you're using it. Ditto for whatever sites you visit over HTTPS; the whole point of TLS is to avoid MITMing connections and extracting their contents.

I'd assumed that somehow connecting to or using their wifi got local privileges?

There are things like cellular modem exploits that bypass all the higher layers of the stack and get access to your cell phone at the base layer. I'm guessing similar stuff exists for wifi. Heck, it could even have been a power cable I maybe mistakenly plugged in trusting it! I'm not an expert on any of this though.

With the MITM, I think you're right; I would have expected to see some cert issues. But I know I have seen GitHub MITM'ing before with a state-issued MITM certificate (won't say where right now), though I did notice that because there were connection issues and then I paid attention to the address bar.

It could have been that there were cert issues, I just wasn't paying attention to them, as it was an interview. That sounds plausible.

I guess the issue is there are all kinds of exploits and zero-days that most regular people don't really know about. Of course they could have combined it with a PDF exploit from something they emailed me. I don't know!

Did you find anything on this in the meantime, on theories on the different ways it could be possible? How would you rate your cybersecurity redteam/blueteam knowledge in this domain on a scale of 1 to 10 (10 being best)?

Some kind of unknown wifi attack seems the most plausible way to extract the ssh key if you confirm you haven't left the laptop unattended and everything else is reasonably secured.

Although your certificate point did give me pause. Don't you have the private ssh key stored somewhere accessible from GitHub? Like some kind of action or whatnot.

Also, is that key not password-protected? Did you ignore some SSH connection warnings and forward your agent?

I don't work in cybersecurity, so let's just say that my redteam knowledge is 1. I just try to understand how things work and protect my stuff as best I can. I'm just very surprised since your situation seems, on the surface at least, to fly in the face of what is commonly expected.
