Ever wondered what would happen when you leak AWS credentials to GitHub? I was, so I leaked AWS credentials to GitHub to see what would happen.
Both AWS and malicious actors respond very quickly and start taking actions on these leaked credentials.
I think this would only apply on subdomains because a CNAME cannot be set on the root domain because the root domain is the DNS Start of Authority (SOA) which must be an IP.
