Preloading Insecurity in Your Electron

Preloading Insecurity in Your Electron

Black Hat via YouTube Direct link

Affected Configs

12 of 30

12 of 30

Affected Configs

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Preloading Insecurity in Your Electron

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Anatomy of Electron-based Apps
  3. 3 Lifecycle
  4. 4 ContextIsolation 1/2
  5. 5 Electron is NOT a browser
  6. 6 From Browser to Electron - Attack Surface
  7. 7 From Browser to Electron- Isolation
  8. 8 Full chain exploit (Step 1)
  9. 9 Cross-Site Scripting
  10. 10 Full chain exploit (Step 2)
  11. 11 nodelntegration bypasses
  12. 12 Affected Configs
  13. 13 Exploits
  14. 14 Secure-by-Default Settings (v5)
  15. 15 Chromium Upgrades
  16. 16 Survey Results
  17. 17 preload - A neglected attack surface
  18. 18 Node's Buffer
  19. 19 Case Study - Wire App 1/3
  20. 20 Case Study - Discord 3/3
  21. 21 IpcMain and ipcRenderer 1/2
  22. 22 Leveraging the Internal Electron IPC
  23. 23 Case Study - (Again) Discord 3/3
  24. 24 Sandboxing 2/2
  25. 25 Native Capabilities, and Your Responsibility
  26. 26 Prototype Pollution - Preload
  27. 27 Case Study - Undisclosed 2/3
  28. 28 Prototype Pollution - Electron
  29. 29 Making Preload works with ContextIsolation
  30. 30 Black Hat Sound Bytes 2/3

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.