At Hacktron, we're building collaborative AI agents that act as autonomous security researchers. Learn more about our approach and our AI-driven pentest on Gumroad.
Why does hacking feel like magic? We dive deep into how human hackers think, and how we can design AI agents to find bugs in complex systems the way top security researchers do.
We achieved full RCE on Element Desktop by chaining iframe injection, Electron misconfigs, and a V8 exploit to bypass sandboxing and access Node.js APIs from a subframe.
How a chain of XSS, CSP bypass, and Electron misconfigs led to full remote code execution on Discord Desktop. We walk through the technical details, steps, and lessons learned.
How we achieved remote code execution in Visual Studio Code's Restricted Mode by chaining origin leaks, CSP bypasses, and webview message handler flaws.
