This talk will discuss many of the underrated security bugs that don’t get enough recognition. The collection of bugs is based on discussions with many penetration testers, bug bounty hunters, security researchers and more.
Each bug will be shown using:
– A vulnerable code snippet
– Corresponding exploitation example
– Impact assessment and ideas for use in bug chains
Let’s shed some light on some underrated bugs so they can be better understood.
All PoC material will be released for those who want to practice these bug classes in their home lab.