UC San Diego Product Management Certificate — AI-Powered PM Training
The Most Addictive Python and SQL Courses
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a critical security vulnerability demonstration from NahamCon2025 where security researchers Yaser Shahinzadeh and Amir Safari reveal how Punycode can be exploited to achieve zero-click account takeovers. Learn about the technical mechanics behind this sophisticated attack vector that leverages internationalized domain names (IDN) and Punycode encoding to bypass security measures and compromise user accounts without any user interaction. Discover the methodology used to identify and exploit this vulnerability, understand the underlying security flaws that make such attacks possible, and gain insights into the potential impact on web applications and user security. The presentation provides practical examples of how attackers can manipulate domain representations to trick systems and users, while also covering detection techniques and mitigation strategies that developers and security professionals can implement to protect against these types of attacks.
Syllabus
Puny-Code, 0-Click Account Takeover | @YShahinzadeh & @AmirMSafari | #NahamCon2025
Taught by
NahamSec