I will outline a hostile disclosure process, how researchers can protect their work, how PSIRTs are not always on your side.
I will be using CW as an example of several new / innovative attack types such as abusing blind SSRF for client-side exploitation, how HTTP / DNS based interaction can be used as a protocol proxy, how to defeat code signing through attacker controlled dynamic application parameters, etc.
I will show my technique for firewall bypass and layer 2 / 3 segmentation bypass via DNS rebinding and multi-homed SSRF.