Hacking JavaScript Desktop apps with XSS and RCE

What is common for Slack, Discord and Skype? Electron! Learn to hack JavaScript Desktop apps in less than one hour. Quick Practical Intro about what you need to know to get started pentesting Electron apps, lifetime access, vulnerable apps to practice and all future updates included for free. JavaScript desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. This workshop will teach you how to review JavaScript desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other desktop app platform. Ideal for Penetration Testers, Desktop app Developers as well as everybody interested in JavaScript/Node.js/Electron app security. All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace.

Presented at Security Fest 2022.

Speaker: Abraham Aranguren

About Abraham Aranguren

Abraham Aranguren

After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web Defense”, a hands-on eLearnSecurity attack / defense course, OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog . Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.