Extracting Data from Slack: Hackers Will, You Should!

Presented at Wild West Hackin' Fest 2018, Oct. 25, 2018, 11 a.m. (50 minutes)

Is your Slack workspace full of sensitive data? Wouldn't you like to know the details? As an experienced red-teamer, the answer to these two questions are 'yes' and 'oh baby yes'. I will be releasing and demonstrating a PowerShell script that will extract all documents and files that an authorized user has access to. It can also extract all user profiles. As an attacker, I can use the profiles to extract user names, email addresses, phone numbers and job titles to enhance my ability to Phish an organization or password spray login portals. I can also perfrom *offline* searches for sensitive data of all messages and files. Blue team, what will I find? Run this tool yourself to understand the impact of a breach. Can you detect this tool in use by reviewing the Slack Audit logs? Come to this presentation to find out!

Presenters:

  • Carrie Roberts - Walmart
  • Tony Habeger - Walmart
    Tony is an Incident Response Specialist with a passion for incident response and threat hunting. Tony has owned a business focused in HIPAA compliant networking, programming and customer service. He then went on to grow his career working in medical information systems, automation, and HIPAA compliance for a hospital spanning multiple offices and medical software solutions. Tony joined a leading retailer team working in data loss prevention, and has since moved to the Incident Response team, where he works on incident remediation, threat hunting, and developing new identification and alerting methods and tools.

Links:

Similar Presentations: