November 2017: added TURN abuse to our stunner toolset
December 2017: discovered and reported TURN vulnerability in private customer of Enable Security
February 2018: briefly tested Slack and discovered the vulnerability
April 2018: submitted our report to Slack, helped them reproduce and address the issue through various rounds of testing
May 2018: Slack pushed patch to live servers which was retested by Enable Security
January 2020: asked to publish report
February 2020: disclosure delayed by HackerOne/Slack
March 2020: report published
Just add extra linebreaks
November 2017: added TURN abuse to our stunner toolset
December 2017: discovered and reported TURN vulnerability in private customer of Enable Security
February 2018: briefly tested Slack and discovered the vulnerability
April 2018: submitted our report to Slack, helped them reproduce and address the issue through various rounds of testing
May 2018: Slack pushed patch to live servers which was retested by Enable Security
January 2020: asked to publish report
February 2020: disclosure delayed by HackerOne/Slack
March 2020: report published