I have been researching DDoS attacks and mitigation techniques for the past three years and worked with industry leaders on testing their systems, providing them with cutting edge, and even never-seen-before attacks. I was amazed (actually still am) to find out that those big corporations, investing much work into their architecture of defense came to FAIL and sometimes the sole reason for a successful attack was a mitigation configuration or architecture FAIL. My research is done by utilizing smart grids of computers, mimicking vast botnets from all over the world, writing and perfecting scripted attacks and even involve social engineering attempts within those attacks (for mitigation that involve manual intervention). In the presentation there will be a showcase of 10 such FAILs, detailed technically as for a step-by-step close follow on the attack strategy and its mitigation failing, and of course - how delving into a recommended setup for a proper mitigation technique that will not inflict such a direct damage as presented.