What is Detectify?

Web security blog

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Frans Rosén Slack XSS
Most read articles
How I made LastPass give me all your passwords » Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token » Chrome Extensions – AKA Total Absence of Privacy »

How I made LastPass give me all your passwords

Cross Site Scripting Lastpass Mathias Karlsson XSS

What HPKP is but isn’t

HPKP HTTP public key pinning

7 tools that have influenced the reversing community

DRM reverse engineering

Fusion Challenges – level02 Write-up

binary exploitation Fusion challenges return-oriented programming

Slack bot token leakage exposing business critical information

Slack Slackbots token

Frans Rosén’s Bugcrowd Guest Blog: Using a Braun Shaver to Bypass XSS Audit and WAF

bug bounty Bugcrowd Cross Site Scripting Frans Rosén XSS

Using reverse engineering techniques to see how a common malware packer works

reverse engineering UPX

Tips for running an onion

Onion Onion-domain Tor

CSP: bypassing form-action with reflected XSS

Content-Security-Policy CSP Ethical Hacking Reflected XSS
What is Detectify? Contact us Sign up for a free trial »
A security service for developers.