Back in the day when I worked at AppSec Labs(and in my previous job too) I ran into the Firebase technology, which started to become quite popular.
Every time I got a project with this technology, it required some annoying setup to be in-place before starting to plan an attack.
This led me to research more about the topic, finding a hidden attack surface & develop my own tool to test firebase security rules :D
- stuff I contributed for my workplace(at the time): https://appsec-labs.com/portal/firebase-applications-the-untold-attack-surface/
- firepwn-tool: https://github.com/0xbigshaq/firepwn-tool