
How we got read access on Google’s production servers
Few things are better than a good ethical hacking challenge and what could be more fun than finding a target that can be used against itself? Find out how the Detectify team hacked their way to read access to Google’s...

Detectify Responsible Disclosure Program
As of today, researchers can report security issues in Detectify services to earn a spot on our Hall of Fame as well as some cool prizes. The Detectify team has participated in most Responsible Disclosure programs out there and we felt...

Server-side JavaScript Injections and more!
Today’s updates fill the needs of many of you out there! You asked for it, and now it’s in the Detectify engine! Here’s a breakdown on the stuff we’ve put in: Verify domain ownership with Google Analytics Having trouble editing...

How I hacked Facebook and received a $3,500 USD Bug Bounty
Find out how our Security Researcher Frans Rosén hacked Facebook and found a stored XSS for which he received a bug bounty reward. I recently found a Stored XSS on Facebook, which resulted in a Bug Bounty Reward. If you want...

Malicious Data Mining @ HyperIsland
Johan Edholm and I (Fredrik Nordberg Almroth) had a talk a while back at HyperIsland, Stockholm (the 18th of October) for the DDS13 group. The purpose of the talk was to introduce the students to IT security, and how malicious individuals can gather a...

The basics of Local File Inclusions
Local File Inclusion is quite simply the act of including files that are stored on the web server you are interacting with. LFI’s twin, Remote File Inclusion, is based on the same concept, although, as the name implies, you include...

The basics of Cross-site Scripting (XSS)
A lot can go wrong on the Internet and XSS is without a doubt one of the most common web security issues we see today. Without going too in-depth, there are three kinds of XSS based on vulnerability impact, starting with the...

SQL Injection in 1 min!
A lot could go wrong on the internet! A clever attacker can with ease gather all the intelligence he/she needs in order to conduct a full-fledged exploit to reveal all the usernames (emails) and passwords of your website. An...