π| Blog | zi0Black.github.io |
The second edition of TumpiCon is here!
π
June 27-28, 2025
π Somewhere near Turin, Italy
π Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: https://tumpicon.org
http://ranum.com/security/computer_security/editorials/dumb/index.html - It makes you laugh and think at the same time.
CVE-2022-20951: Cisco BroadWorks CommPilot Application exposes a servlet that allows the application to be used as an HTTP proxy server. The lack of validation of the the target URL and the lack of authentication protection allows an unauthenticated attacker to achieve a full-read SSRF.
Did you know you can hide your payloads in phone numbers? βοΈπ±
RFC3966 specifies parameters for valid phone numbers that can contain characters. @[email protected] discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!π₯
#BugBountyTips #NahamCon2022EU
π¦π: https://twitter.com/intigriti/status/1604054094808760321
βDid you know you can hide your payloads in phone numbers? βοΈπ± RFC3966 specifies parameters for valid phone numbers that can contain characters. @securinti discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!π₯ #BugBountyTips #NahamCon2022EUβ
And the recording of our @[email protected] USA talk for "ΓPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture" is finally out as well!
Check it out π https://youtu.be/8ZWc7Hcsl8o
cc @[email protected] https://twitter.com/borrello_pietro/status/1557065793954672640
π¦π: https://twitter.com/borrello_pietro/status/1595027725441441792
The video of our @[email protected] talk "CustomProcessingUnit: Tracing and Patching Intel Atom Microcode" is finally out!
Check it out at https://youtu.be/C-ZSvTVvK1o
π¦π: https://twitter.com/borrello_pietro/status/1593304870236332033
TumpiCon
Shielder
The Oatmeal