Slack Signing Secret

Description

General

• Documentation: https://api.slack.com/authentication/verifying-requests-from-slack
• Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. This detector focuses on catching Slack signing secrets. Those secrets are used by Slack applications in order to authenticate requests coming from Slack.
• IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
• Scopes: All keys have the same permission, and allow to authenticate Slack requests.

Revoke the secret

To revoke the credentials, go to the App dashboard and after selecting the application, click on regenerate next to the Signing Secret key field.

Check for suspicious activity

Monitoring activity of keys is not mentioned in Slack's documentation.

Details for Slack signing secret

• Family: Api

• Category: Messaging system

• Company: Slack

• High recall: False

• Validity check available: False

• Analyzer available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 2.4

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - slack
- type: ContentWhitelistPreValidator
  patterns:
    - signing

Examples

- text: slack_signing_secret=034896b597825cb22ececfed139ef9ca
  apikey: 034896b597825cb22ececfed139ef9ca

- text: |
    this is a slack app
    signing_secret="e4befad545eda15ef7bdb724cd4d01d1"
  apikey: e4befad545eda15ef7bdb724cd4d01d1