Hacking JavaScript Desktop Applications: XSS and RCE Techniques with Abraham Aranguren
Join Abraham Aranguren to explore vulnerabilities in JavaScript desktop apps, including XSS and remote code execution (RCE). Register for free infosec webcasts, anti-casts, and summits at https://poweredbybhis.com. Discover effective infosec training at A

Antisyphon Training
258 views • Nov 6, 2025

About this video
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits: https://poweredbybhis.com
🔗 Infosec Training That Doesn't Suck (Antisyphon Training): https://www.antisyphontraining.com
🛝 Webcast Slides: https://www.blackhillsinfosec.com/wp-content/uploads/2025/11/SLIDES_2025.11.05-Hacking-JavaScript-Desktop-apps-with-XSS-and-RCE-Anticast.pdf
This 1-hour Anti-Cast provides a hands-on introduction to attack vectors against JavaScript-based desktop apps, focusing on Electron.
We’ll explore real-world vulnerabilities, demonstrating how issues like XSS can lead to Remote Code Execution (RCE). Participants will access practice labs, attack demonstrations on Windows, macOS, and Linux, and learn how to audit and secure desktop apps.
Topics covered include:
- How to audit Electron apps for security flaws
- Understanding XSS in the context of desktop apps
- Turning XSS into RCE in JavaScript apps
- Attacking preload scripts
- RCE via IPC
Chat with your fellow attendees in the #🔴live-chat channel of the Antisyphon Discord server: https://discord.gg/bhis
Video Information
Views: 258
Likes: 24
Duration: 01:46:37
Published: Nov 6, 2025