Abstract
The session will delve into some of the most significant vulnerabilities I have discovered, with a focus on real-world case studies that reveal the depth and breadth of security challenges across various industries.
Key case studies include:
- SQL Injection Exposing Tons of User Info in the Biggest Middle East Bank: A deep dive into how a seemingly simple vulnerability exposed sensitive data of millions, detailing the discovery process and the massive impact on the banking sector.
- Data Exfiltration Through Germany’s Public Transport Ticketing System: An exploration of how vulnerabilities in a public service system were exploited to siphon off critical data, with insights into the detection and response efforts.
- SQL Injection Exposing Millions of Users in a Global E-commerce Leader: An analysis of how a global e-commerce platform was compromised, risking the personal information of millions, and the subsequent steps taken to mitigate the threat.
- Hacking Admin and Exposing the Powerhouse of Connected Vehicle Networks: A case study on breaching the administrative controls of a major connected vehicle network, revealing the potential for widespread disruption.
- Exposing “Keys to Kingdom” of the Biggest American AI-based Pentesting Company: An examination of a vulnerability that could have led to catastrophic breaches in a pentesting company, highlighting the severity of the flaw and the critical nature of timely intervention.
Each case study will not only cover the technical aspects but also discuss the broader implications, offering attendees valuable lessons and strategies for strengthening their own security practices.