Workshop: Hacking JavaScript Desktop apps with XSS and RCE

Workshop: Hacking JavaScript Desktop apps with XSS and RCE

Regular price
$0
Sale price
$0
Regular price
Sold out
Unit price
per 

Title

Hacking JavaScript Desktop apps with XSS and RCE

Audience Level

From new to advanced, content should keep all skill levels happy

Short Description/Abstract

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)

“Hacking JavaScript Desktop apps: Master the Future of Attack Vectors” is a desktop app security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your desktop app security auditing kung-fu to the next level. The course covers attacks and mitigation against desktop apps on Linux, Windows and Mac OS X. The focus focuses on Electron but the techniques covered will be helpful against other desktop platforms, as well as CSP bypasses and other web security techniques. In this brief 90-minute workshop we will explain what the course covers and give you a few lab samples covering the following topics:

  • Essential techniques to audit Electron applications
  • What XSS means in a desktop application
  • How to turn XSS into RCE in JavaScript apps
  • Attacking preload scripts
  • RCE via IPC


Attendants will be provided with training portal access to practice the attack vectors covered. This includes: Lifetime access to a training portal, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.

Come and join us for this 90-minute hacking session, we’re sure you’ll leave with a thirst for more!

About The Speaker Note

Abraham Aranguren

Job Role/Handle : CEO, Security Trainer, Director of Penetration Testing
Company/Organization : 7ASecurity
Country : Spain
Place of residence : Bromberg (Bydgoszcz), Poland, EU

After 17 years in it sec and 24 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project owtf.org, Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.

Content for social media /twitter, linkedin/ for promotion

Teaser Video

Interested? Try it for free!

I agree to TOS and Privacy Policy

I agree to receive emails from 7ASecurity