BSidesTLV 2023

Aviad Carmel

As a senior security researcher at Salt Security, Aviad brings a wealth of knowledge and experience in the field of security research.
At the age of 15, he demonstrated his passion for security research by obtaining his first Root and CVE. Since then, he has continued to hone his skills and has become a recognized expert in the field.
In addition to his work in security research, Aviad is also passionate about teaching. He created, wrote and taught the Reverse Engineering and Vulnerabilities course at the Technion's computer science faculty for five years, all while he was a student himself.

The speaker's profile picture


Uh-OAuth! - Breaking (and fixing) OAuth Implementations
Aviad Carmel

We dove into the world of OAuth (open standard for authorization and authentication) and its various implementations. By applying advanced attack techniques, we managed to gain control of accounts on popular applications and websites – household brand names – each with more than 100 million users.
At the end of the day, our research gave us (potential) access to one billion accounts.