Security design flaws in Storage by Zapier

In this talk, I go through the vulnerabilities I discovered in a Zapier service called “Storage by Zapier”. What were the vulns? How did I find them? How can they be abused? I also demo a PoC (that won’t be released) for C2 through Zapier. Of course, I’ll also acknowledge Zapier’s response to the vulns.

I’ll present the talk in a “story” style, essentially putting the audience in my shoes.