Explore a groundbreaking exploit technique that unveils a new attack surface for defeating path normalization in this Black Hat conference talk. Delve into the complexities of path normalization implementation, often underestimated by developers, and discover how this oversight creates lethal and widely applicable vulnerabilities. Learn about polyglot URL paths, off-by-slash failures, and real-world case studies involving Spring, Rails, Uber, and Amazon. Examine inconsistencies leading to ACL bypasses, misconfigurations resulting in authentication bypasses, and log injections enabling remote code execution. Gain insights into mitigation strategies and understand the far-reaching implications of this innovative attack vector presented by security researcher Orange Tsai.