Web security blog

The story of EV-SSL, AWS and trailing dot domains

Frans Rosén Hostile Subdomain takeover SSL

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Frans Rosén Slack XSS

How I made LastPass give me all your passwords

Cross Site Scripting Lastpass Mathias Karlsson XSS

What HPKP is but isn’t

HPKP HTTP public key pinning

7 tools that have influenced the reversing community

DRM reverse engineering

Fusion Challenges – level02 Write-up

binary exploitation Fusion challenges return-oriented programming

Slack bot token leakage exposing business critical information

Slack Slackbots token

Frans Rosén’s Bugcrowd Guest Blog: Using a Braun Shaver to Bypass XSS Audit and WAF

bug bounty Bugcrowd Cross Site Scripting Frans Rosén XSS

Using reverse engineering techniques to see how a common malware packer works

reverse engineering UPX

Tips for running an onion

Onion Onion-domain Tor