awesome-electronjs-hacking
github.com/doyensec/awesome-electronjs-hacking ↗A curated list of awesome resources about Electron.js (in)security
676
GitHub Stars
92
Curated Resources
7
Categories
4 hours ago
Last Refreshed
PresentationsOpen-Source & Commercial ToolsPapersVulnerabilities Write-Ups and ExploitsBlog Posts and ArticlesBooksRelated lists
Use this list with your AI agent
Add the Context Awesome MCP server to Claude, Cursor, or any MCP client, then ask:
"Show me blog posts and articles resources from awesome-electronjs-hacking"
Installation instructions →What's inside
Blog Posts and Articles
- "1-click RCE in Electron Applications", Pavel Shabarkin
- "Abusing Electron apps to bypass macOS' security controls", Wojciech Reguła
- "As It Stands - Electron Security"
Electron Security"
- "Exploiting Electron Applications using Debug Feature", Esecurity Lab
- "How to patch apps with ElectronAsarIntegrity on macOS", Karol Mazurek
- "Instrumenting Electron Apps for Security Testing", Doyensec Blog
Vulnerabilities Write-Ups and Exploits
- "Achieving RCE in famous Japanese chat tool with an obsolete Electron feature", @ryotkak
- "Brave Arbitrary IPC Messages via Prototype Pollution in Function.prototype.call", Masato Kinugawa
- "Breaking Out of Restricted Mode: XSS to RCE in Visual Studio Code", Devesh Logendran
- "Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer", Parsia Hakimian
- "Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access", Gal Weizman
- "Cross-site scripting (XSS) in Microsoft Teams", Evan Grant
Papers
- "Analysis of Electron-based Applications to Identify Xss Flaws Escalating to Code Execution in Open-source Applications", Silvia Väli, 2017
- "An Analysis of the State of Electron Security in the Wild", Benjamin Altpeter, 2020
- "Electrolint and Security of Electron Applications", Ksenia Peguero, 2021
- "Electron Security Checklist", Luca Carettoni, 2017
- "Pentest-Report Ethereum Mist", Cure53, 2017
- "Pentest-Report Frame Electron App", Cure53, 2018
Presentations
- "app setAsDefaultRCE Client: Electron, scheme handlers and stealthy security patches", Juho Nurminen, ZeroNights 2019
- "Building a secure web browser in Electron", Yan @bcrypt, Electron Meetup 2/2018
- "Democratizing Electron.js Security", Luca Carettoni, Covalence 2020 SF
- "Electron: Abusing the lack of context isolation", Masato Kinugawa, CureCon 2018
- "Electronegativity - A Study of Electron Security", Luca Carettoni, BlackHat USA 2017
A Study of Electron Security", Luca Carettoni, BlackHat USA 2017
- "ElectroVolt - Pwning Popular Desktop apps while uncovering new attack surface on Electron", Mohan Sri Rama Krishna Max Garrett Aaditya Purani William Bowling, BlackHat USA 2022 and Nullcon Goa 2022
Pwning Popular Desktop apps while uncovering new attack surface on Electron", Mohan Sri Rama Krishna Max Garrett Aaditya Purani William Bowling, BlackHat USA 2022 and Nullcon Goa 2022
Related lists
Showing a sample of 92 resources. View the full list on GitHub →