Electron applications are ubiquitous; we use them every day. When you are listening to Spotify, talking to your friends on Discord, or programming in VSCode, Electron is powering that user experience. Electron also drives common chat platforms like Slack and Microsoft Teams (v1.x). In this presentation we will review the attack surface of Electron applications in a Red Team scenario, show how an attacker can assume the user’s identity, and introduce novel tooling to instrument Slack for enumeration and internal social engineering purposes.
- Demo 1: https://youtu.be/63TA4qspUjI
- Demo 2: https://youtu.be/xiP43Gyuaz0
- Demo 3: https://youtu.be/d6xiC-bcxvA
- Demo 4: https://youtu.be/oqIQ0BC2ltA
- Demo 5: https://youtu.be/D8vSWmpmQIs
- Demo 6: https://youtu.be/WezgJZBIq_4