Most organizations secure what they know is vulnerable. But real attackers breach what no one thought to question. This talk is a journey into the “0-Day mindset” - not just about discovering unknown vulnerabilities, but about thinking like an adversary who challenges assumptions, abuses edge cases, and builds exploits from overlooked logic.
We’ll explore how elite hackers and red teams reverse-engineer trust, find flaws in logic chains, and repurpose legitimate functionality for malicious gain. From bypassing authorization without a single exploit, to leveraging business logic for full account takeover, this session pulls back the curtain on offensive creativity.
Backed by real-world red team scenarios and subtle exploit chains (including one that went from forgotten staging domain to production shell), you’ll gain a new lens on vulnerability: not just as a technical glitch, but as a failure of imagination.
Key Takeaways:
• What the “0-day mindset” really means in modern offensive security
• How to spot security gaps that aren’t in any vulnerability database
• Red team logic: weaponizing features, flows, and design flaws
• A breakdown of real exploit chains built from “non-vulnerabilities”