Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Frans Rosén Slack XSS

Cross Site Scripting Lastpass Mathias Karlsson XSS

How I made LastPass give me all your passwords

binary exploitation Fusion challenges return-oriented programming

Fusion Challenges – level02 Write-up

Slack Slackbots token

Slack bot token leakage exposing business critical information

bug bounty Bugcrowd Cross Site Scripting Frans Rosén XSS

Frans Rosén’s Bugcrowd Guest Blog: Using a Braun Shaver to Bypass XSS Audit and WAF

Content-Security-Policy CSP Ethical Hacking Reflected XSS

CSP: bypassing form-action with reflected XSS

OS SOP SOP bypass

Bypassing SOP and shouting hello before you cross the pond

Chrome extensions Dropbox Ethical Hacking Google Drive privacy

Chrome Extensions – AKA Total Absence of Privacy

Frans Rosén Patreon Remote Code Execution Werkzeug Debugger

How Patreon got hacked – Publicly exposed Werkzeug Debugger

Chrome HTTPS Everywhere Security Extensions

How I disabled your Chrome security extensions