Preloading Insecurity in Your Electron

Preloading Insecurity in Your Electron

Black Hat via YouTube Direct link

Case Study - (Again) Discord 3/3

23 of 30

23 of 30

Case Study - (Again) Discord 3/3

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Preloading Insecurity in Your Electron

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Anatomy of Electron-based Apps
  3. 3 Lifecycle
  4. 4 ContextIsolation 1/2
  5. 5 Electron is NOT a browser
  6. 6 From Browser to Electron - Attack Surface
  7. 7 From Browser to Electron- Isolation
  8. 8 Full chain exploit (Step 1)
  9. 9 Cross-Site Scripting
  10. 10 Full chain exploit (Step 2)
  11. 11 nodelntegration bypasses
  12. 12 Affected Configs
  13. 13 Exploits
  14. 14 Secure-by-Default Settings (v5)
  15. 15 Chromium Upgrades
  16. 16 Survey Results
  17. 17 preload - A neglected attack surface
  18. 18 Node's Buffer
  19. 19 Case Study - Wire App 1/3
  20. 20 Case Study - Discord 3/3
  21. 21 IpcMain and ipcRenderer 1/2
  22. 22 Leveraging the Internal Electron IPC
  23. 23 Case Study - (Again) Discord 3/3
  24. 24 Sandboxing 2/2
  25. 25 Native Capabilities, and Your Responsibility
  26. 26 Prototype Pollution - Preload
  27. 27 Case Study - Undisclosed 2/3
  28. 28 Prototype Pollution - Electron
  29. 29 Making Preload works with ContextIsolation
  30. 30 Black Hat Sound Bytes 2/3

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.