So the Open Redirects debate always comes back again and again across security rooms. I often dig the claim that these should not get real attention since they hardly get used beyond PoCs, but there are still some situations in which they can become a real issue.
Having read a lot lately about hacks making use of open redirectors to accomplish all sorts of cool vuln chaining, I decided to tie up all my loose thoughts in a deck of slides, in the hopes that it can serve as a reference for the current and actual impact of delivering arbitrary redirects to your users.