Armend Gashi - What do OAuth and Football Clubs have in common? - BSides Prishtina 2022

Published On May 7, 2022

"What do OAuth and Football Clubs have in common?" covers a chain of attack vectors, including but not limited to OAuth, cloud, Cosmos DB, and a kiosk escape, used to compromise an application relied on by the majority of the most prominent football clubs.

Before the main topic, the presenter will discuss career challenges, how to avoid burnout, and guidance for anyone who intends to pursue a career in cyber security.

In the technical part of the talk, the presenter will elaborate on advanced exploitation of the following topics:

OAuth Protocol - What is OAuth, how does it work, and what does it mean to an adversary?
OAuth Scope and Audience - What is the scope of an OAuth token, and what is its audience?
OAuth API - Our point of reference: how can an attacker take advantage of the OAuth API?
OpenID - What is OpenID, and what risks can it pose?
Cloud Penetration Testing - What does an SSRF mean in a cloud-based application, and what is the impact of the identified SSRF?
Forged authentication requests via OAuth - How can an attacker take advantage of OAuth?

BONUS: The audience is not always remote!
Cosmos NoSQL Database - What is Cosmos DB, what does it mean to an adversary, and how can it be exploited?
Kiosk escapes - What is kiosk mode, and how can we take advantage of it?

What do these topics mean for the majority of the most prominent football clubs?
