Anti-Cast: Hacking JavaScript Desktop Apps with XSS and RCE with Abraham Aranguren

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this session is for you — all action, no fluff.

This 1-hour Anti-Cast is a fast-paced, hands-on introduction to modern attack vectors against JavaScript-based desktop apps, primarily focusing on Electron.

We will explore real-world vulnerable applications and demonstrate how common web vulnerabilities like XSS can escalate into full Remote Code Execution (RCE) on the desktop. You will get a sneak peek into our full training content with access to practice labs, demonstrations of attacks on Windows, macOS, and Linux, and insights into how to properly audit and secure desktop apps.

Topics covered include:

– How to audit Electron apps for security flaws

– Understanding XSS in the context of desktop apps

– Turning XSS into RCE in JavaScript apps

– Attacking preload scripts

– RCE via IPC

Join us for PreShow Banter™ at 11:30 AM ET

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis 
in the #🔴live-chat channel

Stay up to date on our upcoming live Anti-Casts and more at https://poweredbybhis.com

Don’t forget to check out our Course Catalog for our upcoming free and affordable cybersecurity training!