What is Detectify?

Slack

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

Frans Rosén postmessage Slack
Frans Rosén Slack XSS

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Slack Slackbots token

Slack bot token leakage exposing business critical information