Finding 0-days in electron app Bruno

This time, Justin will be giving a presentation on his discovery of multiple 0-day vulnerabilities in the Electron application BRUNO (https://www.usebruno.com/). He’ll start with an overview of the structure of an Electron app, then take us through his journey of how he achieved RCE (Remote Code Execution), arbitrary file write and stored XSS in this popular API client.