BEEMKA / Electron Post-Exploitation When The Land Is Dry

BSidesLV 2019

Presented by: Pavel Tsakalidis
Date: Tuesday August 06, 2019
Time: 11:30 - 12:25
Location: Breaking Ground

Now that you have a shell, you need to establish persistence. How about this time, you use slack.exe without modifying its signature? Or Skype, WhatsApp, or even Visual Studio Code?

An architecture decision makes backdooring legitimate applications easy, and enables attackers to egress data from both within the application (your stored passwords, application session, etc.) and from the operating system. And as ElectronJS is cross-platform, the sky’s the limit! Batteries included – yes, there’s a tool for that!

Pavel Tsakalidis

Pavel is a security consultant for Context Information Security, based in London. Other than security-related interests, his hobbies include playing around with Raspberry Pis, making “books to read” lists that will never be read, and starting side projects that never finish. Also, he has been a PHP developer for 10 years and therefore spends his extra time defending PHP.

