Talk was part of GrabCon 2021 where I presented how a single functionality like password reset can become a big attack vector for bugbounty hunters and pentesters. Multiple attack scenarios are described in this talk.
Video: https://youtu.be/JTrXOS8N9W0?t=1940