{"id":15574,"date":"2019-08-29T17:15:54","date_gmt":"2019-08-29T16:15:54","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15574"},"modified":"2021-06-17T08:25:49","modified_gmt":"2021-06-17T07:25:49","slug":"beemka-electron-post-exploitation-when-the-land-is-dry","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/","title":{"rendered":"BEEMKA &#8211; Electron Post-Exploitation When The Land Is Dry"},"content":{"rendered":"<p><a style=\"margin-left: 1em; margin-right: 1em; text-align: center;\" href=\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s1600\/header.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png\" width=\"640\" height=\"240\" border=\"0\" data-original-height=\"350\" data-original-width=\"927\" \/><\/a><\/p>\n<div style=\"text-align: justify;\">\n<div>At BSides Las Vegas 2019, Pavel &#8220;@sadreck&#8221; Tsakalidis presented a new post-exploitation framework that relies on the use of Electron by desktop applications. 
His presentation shows that the widespread use of Electron in recent years can be leveraged to inject malicious code into legitimate applications.<\/div>\n<div>The project is available in the following GitHub repository: <a href=\"https:\/\/github.com\/ctxis\/beemka\">https:\/\/github.com\/ctxis\/beemka<\/a>.<\/div>\n<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<h3 style=\"text-align: justify;\">Introduction<\/h3>\n<div style=\"text-align: justify;\">Electron is a framework for building cross-platform applications with web technologies (JavaScript, HTML and CSS).<\/div>\n<div style=\"text-align: justify;\">Its design is fairly simple. Electron uses Node.js as the backend and Chromium as the frontend:<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">\n<figure id=\"post-15898 media-15898\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-15898\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/2-BEEMKA-437x165.png\" alt=\"\" width=\"437\" height=\"165\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/2-BEEMKA-437x165.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/2-BEEMKA-71x27.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/2-BEEMKA-768x290.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/2-BEEMKA.png 927w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/figure>\n<div style=\"text-align: center;\"><span style=\"font-size: x-small;\"><i>Components of Electron\u00a0<\/i><\/span><\/div>\n<div style=\"text-align: center;\"><span style=\"font-size: x-small;\"><i><a 
href=\"https:\/\/www.wildnettechnologies.com\/build-cross-platform-desktop-apps-with-electron\/\">https:\/\/www.wildnettechnologies.com\/build-cross-platform-desktop-apps-with-electron\/<\/a><\/i><\/span><\/div>\n<div><\/div>\n<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">Electron has notably been used to build applications that are now ubiquitous in the enterprise:<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/1.bp.blogspot.com\/-tnbHTpC5ffw\/XWeNuKPtguI\/AAAAAAAAAro\/jl-POTPMvlAqpnWfA56w1MVllExfB5BBgCEwYBhgL\/s1600\/2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-tnbHTpC5ffw\/XWeNuKPtguI\/AAAAAAAAAro\/jl-POTPMvlAqpnWfA56w1MVllExfB5BBgCEwYBhgL\/s640\/2.png\" width=\"640\" height=\"208\" border=\"0\" data-original-height=\"394\" data-original-width=\"1201\" \/><\/a><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: center;\"><i><span style=\"font-size: x-small;\">Electron applications<\/span><\/i><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<h3 style=\"text-align: justify;\">Attack principle<\/h3>\n<div style=\"text-align: justify;\">Applications such as Slack, GitHub or Microsoft Teams use the &#8220;App Data&#8221; folder at installation. 
The user therefore has write access to the installation directory.<\/div>\n<div style=\"text-align: justify;\">Every Electron application has a &#8220;resources&#8221; folder in its installation directory:<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div><img decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/1.bp.blogspot.com\/-xw6deGNkoZI\/XWeNuBTgTyI\/AAAAAAAAArg\/8Gm4R6E1tA0Ox8jFgFR6Fca7U5HkKcfkwCEwYBhgL\/s1600\/3.png\" \/><\/div>\n<div style=\"text-align: center;\"><i><span style=\"font-size: x-small;\">Illustration with GitHub Desktop<\/span><\/i><\/div>\n<div style=\"text-align: center;\"><i>\u00a0<\/i><\/div>\n<div style=\"text-align: justify;\">This folder generally contains:<\/div>\n<ul>\n<li>The &#8220;app&#8221; folder, which contains the application;<\/li>\n<li>The &#8220;electron.asar&#8221; file, which prepares the Chromium environment when the application starts.<\/li>\n<\/ul>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">The &#8220;electron.asar&#8221; file can be thought of as an archive containing &#8220;*.js&#8221; scripts:<\/div>\n<div style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-16154\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beemka-js-437x37.png\" alt=\"\" width=\"437\" height=\"37\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beemka-js-437x37.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beemka-js-71x6.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beemka-js.png 712w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" 
\/><\/div>\n<div><\/div>\n<div><\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-G0TPjCyHF3c\/XWeNuDmYBII\/AAAAAAAAAro\/OQ7CY0443e8i6GXHJwk_Z-_RAVK686RwgCEwYBhgL\/s1600\/4.png\" \/><\/div>\n<div style=\"text-align: center;\"><i><span style=\"font-size: x-small;\">The &#8220;electron.asar&#8221; container<\/span><\/i><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">The &#8220;chrome-extension.js&#8221; file manages the Chromium environment:<\/div>\n<figure id=\"post-16156 media-16156\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16156 alignleft\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beem-ka-2-437x23.png\" alt=\"\" width=\"437\" height=\"23\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beem-ka-2-437x23.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beem-ka-2-71x4.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2019\/08\/code-beem-ka-2.png 714w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/figure>\n<p>&nbsp;<\/p>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">Pavel therefore proposes injecting JavaScript code directly into this file so that a malicious action is triggered on a specific event:<\/div>\n<p><span class=\"w-code\"><span class=\"w-root\">app<\/span>.on(&#039;<span class=\"w-server\">browser-window-focus<\/span>&#039;, function (event, bWindow) { <span class=\"w-root\">bWindow<\/span>.webContents.<span class=\"w-grepped\">executeJavaScript<\/span>(&quot;<span class=\"w-server\">alert(&#039;Hello Github !!&#039;);<\/span>&quot;) }) <\/span><\/p>\n<p>&nbsp;<\/p>\n
<div style=\"text-align: justify;\">When the application is opened (after repacking the &#8220;electron.asar&#8221; file and placing it back in the &#8220;resources&#8221; directory), an XSS-style pop-up appears in the GitHub Desktop application:<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/1.bp.blogspot.com\/-AvxSdvn3kMg\/XWeNu780hcI\/AAAAAAAAArk\/_psRbes4m7YyzYT5icMD_mYD7xRT2YeXQCEwYBhgL\/s1600\/5.png\" width=\"314\" height=\"177\" \/><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: center;\"><i><span style=\"font-size: x-small;\">Illustration with GitHub Desktop<\/span><\/i><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">The code is therefore executed correctly.<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<h3 style=\"text-align: justify;\">Demonstration<\/h3>\n<div style=\"text-align: justify;\">The following video demonstrates the &#8220;rshell_cmd&#8221; module in GitHub Desktop, which opens a reverse shell to our listener:<\/div>\n<div style=\"text-align: center;\"><iframe loading=\"lazy\" src=\"https:\/\/bit.ly\/2PBBGb1\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">\n<div>The command used is the following:<\/div>\n<p><span class=\"w-code\">$ <span class=\"w-cli\">python3<\/span> .\/beemka\/beemka.py --<span class=\"w-cli\">inject <\/span>--<span class=\"w-cli\">module <\/span>rshell_cmd --<span class=\"w-cli\">asar<\/span> .\/electron_safe.asar --<span class=\"w-cli\">output <\/span>.\/electron.asar<\/span><\/p>\n<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">In addition, the &#8220;GitHub Desktop&#8221; application executable is never modified when the &#8220;asar&#8221; file is changed. 
This technique can therefore make it possible to bypass a filtering policy in place on the workstation.<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<h3 style=\"text-align: justify;\">Conclusion<\/h3>\n<div style=\"text-align: justify;\">The framework presented by Pavel is a very interesting addition to one's persistence techniques. It relies on how Electron intrinsically works and does not require exploiting a vulnerability in the applications.<\/div>\n<div style=\"text-align: justify;\">The framework also goes further by accessing application data, and can perform other operations such as dropping a keylogger, taking a screenshot, \u2026<\/div>\n<div style=\"text-align: justify;\">To date, Electron had not proposed any solution to better verify the integrity of application files. 
The simplest approach is to install applications in &#8220;Program Files&#8221; with administrator privileges so that a standard user cannot edit the &#8220;electron.asar&#8221; file.<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">PS: BloodHound is also an Electron application, a good &#8220;prank&#8221; to play on Red\/Blue Teams:<\/div>\n<div style=\"text-align: center;\"><iframe loading=\"lazy\" src=\"https:\/\/bit.ly\/2L30Yuk\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">\n<div style=\"text-align: right;\"><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div style=\"text-align: justify;\">\n<h4>References<\/h4>\n<\/div>\n<div style=\"text-align: justify;\"><a href=\"https:\/\/www.contextis.com\/en\/blog\/basic-electron-framework-exploitation\">https:\/\/www.contextis.com\/en\/blog\/basic-electron-framework-exploitation<\/a><\/div>\n<div style=\"text-align: justify;\"><a href=\"https:\/\/github.com\/ctxis\/beemka\">https:\/\/github.com\/ctxis\/beemka<\/a><\/div>\n<div style=\"text-align: justify;\"><a href=\"https:\/\/electronjs.org\/docs\/tutorial\/application-architecture\">https:\/\/electronjs.org\/docs\/tutorial\/application-architecture<\/a><\/div>\n<div style=\"text-align: justify;\"><a href=\"https:\/\/www.wildnettechnologies.com\/build-cross-platform-desktop-apps-with-electron\/\">https:\/\/www.wildnettechnologies.com\/build-cross-platform-desktop-apps-with-electron\/<\/a><\/div>\n<div style=\"text-align: justify;\"><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>At BSides Las Vegas 2019, Pavel &#8220;@sadreck&#8221; Tsakalidis presented a new post-exploitation framework that relies on the use of Electron by desktop applications. 
His presentation shows that the widespread use of Electron in recent&#8230;<\/p>\n","protected":false},"author":1384,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3908,36,3853],"tags":[3888,3891,2885,3886,3890,1612,3887,3884,3885,3889],"coauthors":[3601],"class_list":["post-15574","post","type-post","status-publish","format-standard","hentry","category-challenges","category-cybersecurity-digital-trust","category-how-to","tag-beemka","tag-compte-rendu","tag-detection","tag-discord","tag-electron","tag-framework","tag-github","tag-skype","tag-slack","tag-vulnerability-management-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BEEMKA - Electron Post-Exploitation When The Land Is Dry - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BEEMKA - Electron Post-Exploitation When The Land Is Dry - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"At BSides Las Vegas 2019, Pavel &#8220;@sadreck&#8221; Tsakalidis presented a new post-exploitation framework that relies on the use of Electron by desktop applications. 
His presentation shows that the widespread use of Electron in recent...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-29T16:15:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-17T07:25:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png\" \/>\n<meta name=\"author\" content=\"R\u00e9mi Escourrou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R\u00e9mi Escourrou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\"},\"author\":{\"name\":\"R\u00e9mi Escourrou\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/65383393b3256e1e7c9c674bd1c72607\"},\"headline\":\"BEEMKA &#8211; Electron Post-Exploitation When The Land Is 
Dry\",\"datePublished\":\"2019-08-29T16:15:54+00:00\",\"dateModified\":\"2021-06-17T07:25:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\"},\"wordCount\":599,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png\",\"keywords\":[\"beemka\",\"compte rendu\",\"d\u00e9tection\",\"discord\",\"electron\",\"framework\",\"github\",\"Skype\",\"Slack\",\"vulnerability management\"],\"articleSection\":[\"Challenges\",\"Cybersecurity &amp; Digital Trust\",\"How to\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\",\"name\":\"BEEMKA - Electron Post-Exploitation When The Land Is Dry - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png\",\"datePublished\":\"2019-08-29T16:15:54+00:00\",\"dateModified\":\"2021-06-17T07:25:49+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BEEMKA &#8211; Electron Post-Exploitation When The Land Is 
Dry\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/65383393b3256e1e7c9c674bd1c72607\",\"name\":\"R\u00e9mi Escourrou\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/remi-escourrou\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"BEEMKA - Electron Post-Exploitation When The Land Is Dry - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/","og_locale":"en_US","og_type":"article","og_title":"BEEMKA - Electron Post-Exploitation When The Land Is Dry - RiskInsight","og_description":"At BSides Las Vegas 2019, Pavel \u201c@sadreck\u201d Tsakalidis presented a new post-exploitation framework that relies on the use of Electron by desktop applications. His presentation shows that the widespread use of Electron in recent...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/","og_site_name":"RiskInsight","article_published_time":"2019-08-29T16:15:54+00:00","article_modified_time":"2021-06-17T07:25:49+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png","type":"","width":"","height":""}],"author":"R\u00e9mi Escourrou","twitter_misc":{"Written by":"R\u00e9mi Escourrou","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/"},"author":{"name":"R\u00e9mi Escourrou","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/65383393b3256e1e7c9c674bd1c72607"},"headline":"BEEMKA &#8211; Electron Post-Exploitation When The Land Is Dry","datePublished":"2019-08-29T16:15:54+00:00","dateModified":"2021-06-17T07:25:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/"},"wordCount":599,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png","keywords":["beemka","compte rendu","d\u00e9tection","discord","electron","framework","github","Skype","Slack","vulnerability management"],"articleSection":["Challenges","Cybersecurity &amp; Digital Trust","How to"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/","url":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/","name":"BEEMKA - Electron Post-Exploitation When The Land Is Dry - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png","datePublished":"2019-08-29T16:15:54+00:00","dateModified":"2021-06-17T07:25:49+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png","contentUrl":"https:\/\/1.bp.blogspot.com\/--k9GnoyEsSA\/XWeNvLIgHmI\/AAAAAAAAArc\/MZmZ_YLU1tIfDG85RMpZVTRT_tYOvItFACLcBGAs\/s640\/header.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2019\/08\/beemka-electron-post-exploitation-when-the-land-is-dry\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"BEEMKA &#8211; Electron Post-Exploitation When The Land Is Dry"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by 
Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/65383393b3256e1e7c9c674bd1c72607","name":"R\u00e9mi 
Escourrou","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/remi-escourrou\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1384"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15574"}],"version-history":[{"count":7,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15574\/revisions"}],"predecessor-version":[{"id":16159,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15574\/revisions\/16159"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15574"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}