Understanding errors in security configuration is crazy powerful but does not have the cool-factor of exploits. I mean they are absolutely useful and cool. But man I’m worried about configuration regarding internal stuff.
If you’re pentest/red team and you find a nuanced configuration error we overlooked, crazy respect for that. I want to work with you more.
There are also things that are kinda inbetween: when the way the configuration is interpreted (in custom software) makes some of its features unusable, so that is they get used you can be mostly certain that this is misconfiguration that leads to escalations (things like constraints on ACLs that cannot be evaluated in a TOCTOU-free way) or makes them very misleading so that most places where this is configured is a misconfiguration.
