Chris Dale
chrisdale.bsky.social
Principal instructor at SANS Institute. CHO (Chief Hacking Officer) and co-founder of River Security. Occasionally put content on YT: https://www.youtube.com/@chrisdale
That was fun. Took about 10 minutes of clicking around. Last two I brute-forced :) Thanks for sharing.
April 4, 2025 at 8:55 PM
Reposted by Chris Dale
For instance, if your Slack workspace blocks example[.]com, share a link with an explicit port left-padded with enough zeroes, e.g. httpx//:example[.]com:000443, and your link will be unfurled.

Admittedly not much of a security impact; just a broken functionality. 🤷

youtu.be/uI0JrHkLAXA

2/2
Slack: lack of port normalisation allows bypass of Blocked Previews
YouTube video by jub0bs
April 4, 2025 at 9:14 AM
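The failure mode in the reposted note, shown from the defender's side as an added example (not code from the post, the video, or Slack): a blocklist check that compares the raw authority string misses alternative spellings of the port, while one that parses the link with the WHATWG URL parser first does not. The function names and the blocklist entry are hypothetical, and the naive check is an illustration, not a claim about how Slack implements it.

```javascript
// Constructed blocklist; example.com is the placeholder domain used in the post.
const BLOCKED_HOSTS = new Set(["example.com"]);

// Naive check (hypothetical): takes everything between "//" and the next
// "/", "?" or "#" and compares it as a string. Any explicit port, padded
// or not, makes the string differ from the blocklist entry.
function naiveIsBlocked(link) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(link);
  return m !== null && BLOCKED_HOSTS.has(m[1].toLowerCase());
}

// Canonicalising check: the WHATWG URL parser separates host from port,
// lower-cases the host and reads the port as a decimal number, so
// ":000443", ":0443" and ":443" all yield the same hostname.
function canonicalHost(link) {
  try {
    return new URL(link).hostname;
  } catch {
    return null; // not parseable as an absolute URL
  }
}

// Fail closed: a link that cannot be parsed is treated as blocked,
// so it is never handed to the preview fetcher.
function isBlocked(link) {
  const host = canonicalHost(link);
  return host === null || BLOCKED_HOSTS.has(host);
}

// Constructed sample links covering the spellings discussed above.
const SAMPLE_LINKS = [
  "https://example.com/page",
  "https://example.com:443/page",
  "https://example.com:000443/page",
  "https://EXAMPLE.com:0443/page",
  "https://example.org:000443/page",
];

// Returns one row per link so both checks can be compared side by side.
function compareChecks(links) {
  return links.map((link) => ({
    link,
    naive: naiveIsBlocked(link),
    canonical: isBlocked(link),
  }));
}

console.table(compareChecks(SAMPLE_LINKS));
```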
Respect! 🤩
March 24, 2025 at 7:00 AM
In case the post gets taken down, here is a screenshot.
February 14, 2025 at 8:59 AM
Keeping free open-source software maintained is often an unrewarding and unrecognized effort. Thank you!
December 24, 2024 at 12:28 PM
Hi Matt, nice to meet you 🤟😂
November 19, 2024 at 10:08 PM