Preloading Insecurity in Your Electron
Offered By: Black Hat via YouTube
Course Description
Overview
Syllabus
Intro
Anatomy of Electron-based Apps
Lifecycle
ContextIsolation 1/2
Electron is NOT a browser
From Browser to Electron - Attack Surface
From Browser to Electron - Isolation
Full chain exploit (Step 1)
Cross-Site Scripting
Full chain exploit (Step 2)
nodeIntegration bypasses
Affected Configs
Exploits
Secure-by-Default Settings (v5)
Chromium Upgrades
Survey Results
preload - A neglected attack surface
Node's Buffer
Case Study - Wire App 1/3
Case Study - Discord 3/3
IpcMain and ipcRenderer 1/2
Leveraging the Internal Electron IPC
Case Study - (Again) Discord 3/3
Sandboxing 2/2
Native Capabilities, and Your Responsibility
Prototype Pollution - Preload
Case Study - Undisclosed 2/3
Prototype Pollution - Electron
Making Preload works with ContextIsolation
Black Hat Sound Bytes 2/3
Taught by
Black Hat