Hacking Modern Desktop apps with XSS and RCE: Free Workshop – Jan 14

Are you the kind of person who enjoys Workshops with practical information that you can immediately apply to your work? “Hacking Modern Desktop apps: Master the Future of Attack Vectors” is a desktop app security course that provides you with case studies from real-world vulnerable applications.

Register now to learn techniques to take your desktop app security auditing kung-fu to the next level.

The course (Hacking Modern Desktop apps) covers attacks and mitigation against desktop apps on Linux, Windows and Mac OS X with focus on Electron apps. And yet techniques covered will be helpful against other desktop platforms, CSP bypasses and other web security techniques.

This brief 60-minute workshop explains what the course covers along with few lab samples covering the following topics:

  • Essential techniques to audit Electron applications
  • What XSS means in a desktop application
  • How to turn XSS into RCE in Modern apps
  • Attacking preload scripts
  • RCE via IPC

Attendants will be provided with training portal access to practice the attack vectors covered. This includes:

  • Lifetime access to a training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises

Come and join us for this 60-minute hacking session, we’re sure you’ll leave with a thirst for more!

Hacking Desktop Apps

Audience level

From new to advanced, content should keep all skill levels happy

Presented by:

Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity@7a_@owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

For the most up-to-date information about upcoming training events, including free workshops, check this.

New Year Sale is on! Check here