What is Detectify?
Web security blog
Security
Writeups
How to
Detectify
postMessage XSS on a million sites
AddThis
Mathias Karlsson
postmessage
Most read articles
How I made LastPass give me all your passwords
»
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
»
Chrome Extensions – AKA Total Absence of Privacy
»
The pitfalls of postMessage
Mathias Karlsson
postmessage
Combining host header injection and lax host parsing serving malicious data
bug bounty
Fastly
Frans Rosén
Heroku
Mathias Karlsson
The story of EV-SSL, AWS and trailing dot domains
Frans Rosén
Hostile Subdomain takeover
SSL
Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack
Frans Rosén
Slack
XSS
How I made LastPass give me all your passwords
Cross Site Scripting
Lastpass
Mathias Karlsson
XSS
What HPKP is but isn’t
HPKP
HTTP public key pinning
7 tools that have influenced the reversing community
DRM
reverse engineering
Fusion Challenges – level02 Write-up
binary exploitation
Fusion challenges
return-oriented programming
Slack bot token leakage exposing business critical information
Slack
Slackbots
token
« Previous
1
2
3
4
5
…
7
Next »
