Overview
Explore the vulnerabilities in Electron-based desktop applications through this 37-minute conference talk from Nullcon Goa 2022. Dive into novel attack vectors within the core Electron framework that can lead to Remote Code Execution, even when feature flags are correctly set. Learn about the security risks associated with loading remote content in Electron apps, including Deep Link misconfigurations, open redirects, and XSS vulnerabilities. Discover findings from vulnerability assessments of twenty popular Electron applications, with demonstrations of Remote Code Execution in apps like Discord, Teams, VSCode, Basecamp, Mattermost, Element, and Notion. Gain insights into the potential security implications of encapsulating web applications into desktop environments and understand the importance of robust security measures in Electron app development.
Syllabus
ElectroVolt Pwning Desktop Apps Built On Electron by Mohan Sri Rama | Nullcon Goa 2022
Taught by
nullcon