Explore the vulnerabilities in Electron-based desktop applications through this 37-minute conference talk from Nullcon Goa 2022. Dive into novel attack vectors within the core Electron framework that can lead to Remote Code Execution, even when feature flags are correctly set. Learn about the security risks associated with loading remote content in Electron apps, including Deep Link misconfigurations, open redirects, and XSS vulnerabilities. Discover findings from vulnerability assessments of twenty popular Electron applications, with demonstrations of Remote Code Execution in apps like Discord, Teams, VSCode, Basecamp, Mattermost, Element, and Notion. Gain insights into the potential security implications of encapsulating web applications into desktop environments and understand the importance of robust security measures in Electron app development.
Overview
Syllabus
ElectroVolt Pwning Desktop Apps Built On Electron by Mohan Sri Rama | Nullcon Goa 2022
Taught by
nullcon
Related Courses
-
ElectroVolt - Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron
-
Hacking Modern Desktop Apps with XSS and RCE
-
Hacking JavaScript Desktop Apps with XSS and RCE
-
Detecting & Exploiting XSS Vulnerabilities
-
Only an Electron Away from Code Execution
-
Preloading Insecurity in Your Electron
