Hacking JavaScript Desktop Apps with XSS and RCE

Explore the vulnerabilities of JavaScript desktop applications in this 46-minute conference talk from LASCON. Delve into essential techniques for auditing Electron applications, understanding the implications of XSS in desktop environments, and learning how to escalate XSS to Remote Code Execution (RCE) in JavaScript apps. Discover methods for attacking preload scripts and achieving RCE via IPC. Gain valuable insights applicable to popular platforms like Microsoft Teams, Skype, Bitwarden, Slack, and Discord. Ideal for penetration testers, desktop app developers, and anyone interested in JavaScript, Node.js, or Electron app security, this hands-on workshop provides immediately applicable skills to enhance your security analysis workflow.