As time progresses, frameworks like Electron have emerged to simplify cross-platform development, as evidenced by their widespread adoption in applications such as Notion, Microsoft Teams, and Slack. However, with the increasing reliance on such frameworks, the question naturally may arise. How do we conduct security testing for such applications? Are there specific techniques, or is it enough if we rely solely on common methods?
Well, on this occasion, we are releasing a series of articles discussing "Electron-Based Security Testing Fundamentals." Given the importance of understanding the basics of the object to be tested, this series will start by explaining the fundamentals of Electron before finally diving into the discussion of security testing concepts.
_Here are the first two parts that have been released: _
Part 1 https://bit.ly/3y9O9cE
Part 2 https://bit.ly/44tGQbG
Part 3 - 1st Section: Common Method for Extracting and Analyzing. Asar Files
Part 4 - 2nd Section: Information Disclosure of Hardcoded Keys and Encryption Algorithm (in AesFormula.js File) Resulting in Compromised the Real Credentials