What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps

Markdown rendering in Electron apps opens a surprising attack surface — what looks like plain text can become code execution.

HITCON CMT 2023

Talk delivered at HITCON CMT 2023 (Taipei, August 2023). The presentation explores how Markdown rendering pipelines in popular Electron-based note-taking applications can be abused to achieve code execution, chaining parser quirks with Electron’s Node.js integration.

Slides available on GitHub