YouTube

Puny-Code - 0-Click Account Takeover

NahamSec via YouTube

Overview

Explore a critical security vulnerability demonstration from NahamCon2025 where security researchers Yaser Shahinzadeh and Amir Safari reveal how Punycode can be exploited to achieve zero-click account takeovers. Learn about the technical mechanics behind this sophisticated attack vector that leverages internationalized domain names (IDN) and Punycode encoding to bypass security measures and compromise user accounts without any user interaction. Discover the methodology used to identify and exploit this vulnerability, understand the underlying security flaws that make such attacks possible, and gain insights into the potential impact on web applications and user security. The presentation provides practical examples of how attackers can manipulate domain representations to trick systems and users, while also covering detection techniques and mitigation strategies that developers and security professionals can implement to protect against these types of attacks.

Syllabus

Puny-Code, 0-Click Account Takeover | @YShahinzadeh & @AmirMSafari | #NahamCon2025

Taught by

NahamSec
