Hacker News
- Hacking CloudKit: How I accidentally deleted your Apple shortcuts https://labs.detectify.com/2021/09/13/hacking-cloudkit-how-i-accidentally-deleted-your-apple-shortcuts/ 2 comments
- How to Hack APIs in 2021 https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/ 89 comments
- How I hijacked the top-level domain of a sovereign state https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/ 62 comments
- I exploited TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain (2018) https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/ 77 comments
- How I exploited TLS-SNI-01 to issue Let's Encrypt certs using shared hosting https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/ 2 comments
- Hacking Slack using postMessage and WebSocket-reconnect to steal your token https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token 23 comments
- LastPass autofill exploit https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/ 420 comments
- Popular Google Chrome extensions are constantly tracking you by default http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 74 comments
- How Patreon (probably) got hacked – Publicly exposed Werkzeug Debugger http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly-exposed-werkzeug 5 comments
Lobsters
- How I made LastPass give me all your passwords https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/ 14 comments security
- Slack bot token leakage exposing business critical information https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/ 4 comments api, practices, security
- Chrome Extensions – AKA Total Absence of Privacy http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 10 comments privacy, security
- TIL PHP had Easter Eggs before 5.5 which was used to fingerprint server version by pentesters https://labs.detectify.com/2012/10/29/do-you-dare-to-show-your-php-easter-egg/ 36 comments php
- Hakluke: Creating the Perfect Bug Bounty Automation - Detectify Labs https://labs.detectify.com/2021/11/30/hakluke-creating-the-perfect-bug-bounty-automation/ 6 comments netsec
- How SSL certificates are leaking sensitive information - Detectify Labs https://labs.detectify.com/2021/11/05/how-ssl-certificates-are-leaking-sensitive-information/ 5 comments netsec
- Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing [Whitepaper download] | Detectify Labs https://labs.detectify.com/2021/08/31/go-fuzz-yourself-how-to-find-more-vulnerabilities-in-apis-through-fuzzing-whitepaper-download/ 5 comments netsec
- How to Hack APIs in 2021 https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/ 19 comments netsec
- How I hijacked the top-level domain of a sovereign state https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/ 15 comments netsec
- Thinking outside of the password manager box https://labs.detectify.com/2019/02/28/thinking-outside-of-the-password-manager-box/ 6 comments netsec
- Abuse MITM possible regardless of HTTPS https://labs.detectify.com/2018/11/29/abuse-mitm-regardless-of-https/ 26 comments netsec
- How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/ 21 comments netsec
- TrackMania - a Chrome plugin to stalk your friends that use Tinder https://labs.detectify.com/2017/09/26/trackmania-a-chrome-plugin-to-stalk-your-friends/ 38 comments netsec
- Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/ 6 comments netsec
- SQLi in INSERT worse than SELECT https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/ 9 comments netsec
- Stored XSS-ing Millions Of Sites Through HTML Comment Box https://labs.detectify.com/2017/01/18/stored-xss-ing-millions-of-sites-through-html-comment-box/ 7 comments netsec
- How I made LastPass give me all your passwords https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/ 111 comments sysadmin
- How I made LastPass give me all your passwords https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/ 329 comments netsec
- Slack bot token leakage exposing business critical information https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/ 31 comments netsec
- CSP: bypassing form-action with reflected XSS http://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/ 2 comments netsec
- Popular Google Chrome extensions are constantly tracking you per default, making it very difficult or impossible for you to opt-out. They will receive your browsing history, all your cookies, your secret access-tokens used for authentication and shared links from Dropbox and Google Drive. http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 16 comments technology
- [PSA] Chrome Extensions – AKA Total Absence of Privacy http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 5 comments chrome
- Why Firefox is #1 for Privacy: Chrome Extensions = Total Absence of Privacy http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 24 comments firefox
- Chrome Extensions – AKA Total Absence of Privacy. Popular Google Chrome extensions are constantly tracking you per default, will receive your complete browsing history, all your cookies, your secret access-tokens used for authentication and shared links from sites such as Dropbox and Google Drive http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 482 comments programming
- Chrome Extensions – AKA Total Absence of Privacy http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy 7 comments privacy
- How Patreon got hacked – Publicly exposed Werkzeug Debugger http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly-exposed-werkzeug 85 comments netsec
- Disabling Chrome security extensions by viewing an HTML page http://labs.detectify.com/post/125256364141/how-i-disabled-your-chrome-security-extensions 8 comments netsec
- Using Google Cloud to bypass NoScript http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript 16 comments netsec
- How the celebrity hack could have been done http://labs.detectify.com/post/96347701121/how-the-celebrity-hack-could-have-been-done 49 comments netsec