Milano Cybersecurity Meetup

The Milano Cybersecurity Meetup returns with an edition dedicated to offensive security and Bug Bounty programs, no longer just about finding vulnerabilities, but about managing noise, prioritizing risk, and building trust between organizations and security researchers. The event focuses on the role of the Ethical Hacker and the critical, often misunderstood, role of the triager, the professional who bridges vulnerability discovery with actionable remediation.The meetup will close with a talk by Sw33tLie, one of the main contributors to PortSwigger’s latest research, exploring the discovery and exploitation of HTTP Request Smuggling vulnerabilities in modern architectures.

This evening event combines focused technical talks with an informal aperitivo atmosphere, where hoodies replace ties and technical content meets open discussion and networking.
Co-organized with UNGUESS Security, a European Continuous Offensive Platform backed by a community of 200+ vetted ethical hackers and AI agents, the event offers a unique chance to hear from practitioners on different sides of the hacking process. The event will also welcome representatives from Intigriti, including Alex Olsen, Head of Hackers, who will join us to make the evening even more exciting.

## Key Themes & Takeaways

“Today, being an ethical hacker means staying ahead of attackers, finding the bugs and fixing risk before it’s exploited by malicious actors.”

• Finding bugs for learning, passion, and profit, and building a legal career path by hacking real organizations responsibly
• What makes a great triager in bug hunting programs - skills, mindset, and career paths
• How triage quality impacts program ROI, security outcomes, and researcher trust
• Dealing with AI-generated submissions ("AI slop") and the triager’s evolving role as quality gatekeeper, separating signal from noise
• Some of the most impactful vulnerabilities originate from protocol‑level flaws, turning seemingly theoretical research into systemic risk for large‑scale infrastructures and forcing modern triage to reassess impact and prioritization

## Agenda

• Talk #1 — My path to Bug Bounty (Leo Racanelli, Intigriti Ambassador)
  Hacking real organizations (legally) for fun and profit
• Talk #2 — Anatomy of a Triage: From vulnerability submission to validation (Marco Mazzola, UNGUESS Triager)
  What happens between “submission received” and “vulnerability confirmed.” A deep dive into the triager’s workflow
  What researchers wish triagers understood. How triage quality shapes submission quality and vice versa
  How AI-generated submissions are flooding programs, why most are noise, and what a good triage policy looks like
• Talk #3 — Mutations of a Bug: Where HTTP Smuggling Is Heading (Paolo Arnolfo, aka Sw33tLie — 1st researcher on the Portugal Bugcrowd leaderboard)
  An evolution-driven look at HTTP Request Smuggling: how exploitation techniques mutate over time, why old assumptions no longer hold, and what this means for modern triage, detection, and remediation

## Registration