Slack

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

Using Chrome’s web-custom-data UTI to inject a stored XSS in Slack

Slack bot token leakage exposing business critical information
