All posts by Charlie

How we got read access on Google’s production servers

Few things are better than a good ethical hacking challenge and what could be more fun than finding a target that can be used against itself? Find out how the Detectify team hacked their way to read access to Google’s...

/ April 11, 2014
Detectify Responsible Disclosure Program

As of today, researchers can report security issues in Detectify services to earn a spot on our Hall of Fame as well as some cool prizes. The Detectify team has participated in most Responsible Disclosure programs out there and we felt...

/ December 3, 2013
Server-side Javascript Injections and more!

Today’s updates fill the needs of many of you out there! You asked for it, and now it’s in the Detectify engine! Here’s a breakdown on the stuff we’ve put in: Verify domain ownership with Google Analytics Having trouble editing...

/ April 9, 2013
How I hacked Facebook and received a $3,500 USD Bug Bounty

Find out how our Security Researcher Frans Rosén hacked Facebook and found a stored XSS for which he received a bug bounty reward.  I recently found a Stored XSS on Facebook, which resulted in a Bug Bounty Reward. If you want...

/ December 30, 2012
Malicious Data Mining @ HyperIsland

Johan Edholm and I (Fredrik Nordberg Almroth) had a talk a while back at HyperIsland, Stockholm (the 18th of October) for the DDS13 group. The purpose of the talk was to introduce the students to IT security, and how malicious individuals can gather a...

/ November 8, 2012
The basics of Local File Inclusions

Local File Inclusion is quite simply the act of including files that are stored on the web server you are interacting with. LFI’s twin, Remote File Inclusion, is based on the same concept, although, as the name implies, you include...

/ October 14, 2012
The basics of Cross-site Scripting (XSS)

A lot can go wrong on the Internet and XSS is without a doubt one of the most common web security issues we see today. Without going too in-depth, there are three kinds of XSS based on vulnerability impact, starting with the...

/ September 22, 2012
SQL Injection in 1 min!

A lot could go wrong on the internet! A clever attacker can with ease gather all the intelligence he/she needs in order to conduct a full-fledged exploit to reveal all the usernames (emails) and passwords of your website. An...

/ September 20, 2012