
I believe GP means this paragraph:

> So Slack's VoIP uses WebRTC, which connects via UDP/TCP to always send SRTP packets through a TURN proxy (which extends STUN via ICE) to work around usual NAT problems. These guys scanned the TURN and found an SSRF which allowed them to connect to Slack's VPC on AWS using IAM temporary credentials. Interesting.



Thanks! I don't know where my head was.


Sounds like you're STUNned. Try not to TURN your head and maybe put some ICE on it.



