Aaditya Purani and Max Garrett: ElectroVolt — Pwning Popular Desktop Applications
A DEF CON 30 talk on novel attack vectors targeting Electron applications that can lead to remote code execution — even when security feature flags are properly configured.
The speakers demonstrate how loading attacker-controlled remote content via Deep Links, open redirects, or XSS can compromise the underlying operating system. They also break down vulnerabilities discovered in twenty widely used applications, including Discord, Microsoft Teams, VSCode, Notion, and others.