Interesting Vulnerabilities from Public Penetration Testing Reports

Explore real-world security vulnerabilities discovered through public penetration testing reports in this 48-minute LASCON conference talk. Examine critical security flaws found in mobile, web, VPN, and cloud applications, with specific focus on cases like LeaveHomeSafe, a mandatory COVID-19 contact tracing app in Hong Kong, where personal data protection was compromised. Delve into technical examples of vulnerabilities within open-source projects designed to protect users in regions with restricted internet access, such as China, Iran, and Russia. Learn through detailed analysis and attack scenarios how these security issues were identified and exploited, understanding the delicate balance between usability and security in hostile environments. Gain valuable insights into the importance of transparency in security reporting and the practical lessons learned from public vulnerability disclosures, beneficial for developers, pentesters, and cybersecurity enthusiasts alike.