This post builds on my previous article explaining how to export Slack DLP alerts using my export script, and also introduces a Python SDK for interacting with Slack DLP. Using these, I’ll show how we can go further by ingesting DLP logs into a SIEM and, finally, building a
Slack’s audit logs don’t include enough context to investigate DLP detections. In this post, I show how to export the richer DLP details Slack displays in the admin console, and I use my slack-dlp-log-extractor script to do it via the DLP API. What is Slack DLP? Slack offers
In 2023 I wrote a blog post on how you can extract and use cookies from Slack to authenticate to the API, and it has become one of my most commonly viewed articles. Since then, Slack have changed a few things, and I've been doing some deeper digging
In this post I explain how to use gopass to GPG encrypt and store your secrets locally, then integrate with direnv to decrypt and load your secrets to environment variables in your shell without exposing them in plaintext. In Part 1 of this Secrets Management series I showed you: * How
Did you know that Slack provides some surprising information about a workspace to unauthenticated callers? Slack Watchman knows, and in this post I’m going to show you the information you can enumerate from a workspace, and how you can use the ‘unauthenticated probe’ functionality of Slack Watchman to get
In this post I show how you can use some of the same tools that attackers use to generate a tailored custom password list to use with Lil Pwny, and find those risky passwords before they do. As the number of data breaches continue to rise, safeguarding your Active Directory