This video is kinda old, a lot have changed since then. Many things don't apply to today's reality so I'll be doing an updated video in the near future, stay tuned. Starting from Electron 5.0+, `nodeIntegration` is disabled by default. github.com/electron/electron/blob/master/docs/api/breaking-changes.md#new-browserwindow-webpreferences-

Nice!!! First video I see from you. And your drawing style is already better than mine :P Good job :)

YEEEAAAAHHHH!!!

Protip: most Electron applications comes with default devtools shortcut

Coming from liveoverflow's video, that drawing is awesome

Whoa this is quality content! Thank you so much!!!

This is epic After watching your newer videos I decided to watch some of these and I was not disappointed. Amazing that you were still this good at making videos 3 years ago Correction: 2 yrs I can’t count

these videos look so aesthetic

Can you share the electron app and the raw payload so all of us could try the step by step practically ? Thanks for the good video (Y)

Great video! A quick note in case it helps, there is a bumping sound on the left channel of the audio on your videos and is more noticeable wearing headphones. Depending on the source of the sound, a pop filter or shock absorbing mount for your mic would make your video as pleasing to listen to as it is to watch. 😊

dude... you blow my mind. this is awesome....

really enjoy your videos :) may I ask what you use for the graphical parts of your videos? looks really cool

this is amaaazing do more please . also doing course on youtube would be cool

I love this channel. The brain dumps are top notch.

Great video!!! Thanks for sharing. +1 like and subscriber

Crazy.... You guyz are awesome.. loved it.. ❤️ From 🇮🇳

Soo much to learn from you , Hats off Dude

Your videos are very good, keep it like that!

awesome video! which software do you use for drawing lol

Nice i learnt something todayy Had to happen some day.

Great work guys. Simple put.

"It was basically an API?" sure looks a lot like OpenID Connect to mee :D

This is why Discord Desktop is stupid

That was a bit unspecific, is there a writeup?

This channels got me paranoid man

Hi nice video, but I am still a bit confused. what if you have a desktop application only? Is it still advised turning it off? because if you turn it on you can use the desktop API stuff. Also if you don't keep user personal stuff in the localstorage you should be fine right? also if your app is not a server then you are also set to go right?

Wonderful! Great content! :-)

btw discord and element has their developer tols enaled btw

I guess I'm a little confused as to how we're able to validate anything you're saying if you won't even tell us the name of the platform involved. I could make a few videos where I find security holes in a fabricated web app too.

I knew this was gonna be discord from the title

Sir please make more vedios like this 🙏🙏

Nice video. Can you share the final message that you sent it in the last? I did not understand how to bind client/access tokens, UID, GUID and RCE payload together?

What OS are you using?

Good content but the public prefer no 0 days with out information, is better fresh patches cases but with the details

what app you used to create this video

Name a best alternative secure like javafx which I am aware. Which I also aware decompiled easy or use Obfuscate. I need a secure non reverse engineerable application. Can anybody give good advice

You can use 7zip to decompress the asar file

Can I make hackerrank type platform in my own website using this?

So, people had the *BRILLIANT* idea to shove a dedicated browser (Chromium, no less) running a web-app with system-level hooks and extensibility, alongside the forceful system integration known as NodeJS (doing things we shouldn't be doing since the turn of the century, woo) into the general userspace and call it a proper program, all while patching none of the existing vulnerabilities out nor addressing the issue of *running a dedicated Chrome install with system hooks and permissions layered with NodeJS* and calling it """efficient""", god forbid performant. Fast-forward two to three years, and I want to put my head through a brick wall. Not only are pseudo-apps (my own little term for them, since they forcibly try to be something they're not) disturbingly commonplace, but people think that they're a valid gateway for the cross-compatibility angle that people seem to be focused on at the moment. Putting aside the fact that the world's web infrastructure is sadly immature and even prehistoric in certain areas, disregarding the fact that you're combining some of the most broken, forcibly-mutated, and ultimately vulnerable software into something that it isn't, and deploying it into an ecosystem where it doesn't belong, it's just utterly lazy and convoluted. Rather than focusing all of that energy and experimentation on developing legitimate cross-platform libraries and systems, people prefer to make a bloated web-app and have it run using a web browser specifically installed for that one program, then lazily craft C# hooks for pulling system resources and actions into the mix. Sorry for the rant, but goddamn, I'm tired of this craze. It's wrong, it's lazy and yet convoluted, and it's the incorrect approach. Evolution of systems begins by expansion and extrapolation, not by brute-forcing what's comfortable to many people (JS) into areas that shouldn't be involved (desktop development, systems-level I/O, etc.).

found it a littlebit dishonest to say that it works "just by visiting a message in the browser" when it actually is the application running in the background that is the issue.

2020 still watching

so how can one avoid this??

You are a great tutor I wonder how do you know so much I have just started in hacking and I feel so over this if I don't find a vulnerability, so can you tell me how you started

Loved it ❤

Nice! Thanks

Wow great job !!

Great video but I will appreciate if you upload the used resources (exploit and volun app)

Let's destroy notion and discord.

Nice vid man

bro dammm that was just perferccttttt

Yaaasss

I love this channel

heyyy u guys awesome ...

I love it!

Really well done!

Nice job :) great !

nice

Very good video.

You are lit bro

is it just me or is the audio fk*d up? so painful listening to it..

Nice one guys ;)

wow.. thanks microsoft : )

+__+ Awesome Video make more

"decomiple"

i always knew electron apps were not to be trusted!

Need more detail

I SAID THIS TO MY FRIEND BEFORE =) HAHA

Anyone Tauri gang?

betterdiscord is cooler

Anddddd this video is useless now by just don't (nodeIntegration: false) & use new feature called contextBridge in Electron ........ PEACE SON!!

This is literally worthless. Stop spreading misinformation.