Electron Proxy Execution : Live 4H Webinar

Most security researchers are not born knowing what to look for. They develop an instinct for asking the right questions, following signals that others miss, and being willing to validate what they suspect might be true.

This webinar is built around one of those moments.

Uriel Kosayev’s original research, “One Electron to Rule them All,” started with a single intuition: Electron-based applications, the same framework behind tools like VS Code, Slack, and hundreds of other applications most teams trust without question, might expose proxy execution behavior that malware can use to evade detection, bypass EDR controls, and abuse application allow-listing policies like AppLocker.

That intuition turned into a full investigation spanning Windows, Linux, and macOS. It produced original research. It connected to MITRE ATT&CK technique T1218.015 (Electron Applications), where Uriel’s name appears as a contributing researcher. And it led to a real-world responsible disclosure case involving Cursor IDE that is still unresolved.

On June 30, 2026, Uriel will walk you through all of it.

What we will cover in the webinar

The session follows the actual path of the research, from the first instinct to the final disclosure:

• The story behind the research: where the idea came from and why it was worth pursuing
• Electron as an attack surface: why Electron applications are everywhere and why their default behavior deserves scrutiny from defenders
• Original research walkthrough: how hypotheses were formed, how assumptions were tested across platforms, and how a single observation expanded into a broader pattern
• Proxy execution and MITRE ATT&CK T1218.015: connecting original findings to a recognized technique and understanding its defensive relevance
• Cross-platform thinking: validating patterns across Windows, Linux, and macOS without treating any platform as an edge case
• Responsible disclosure case study: the Cursor IDE disclosure timeline, the follow-ups, the silence, and what a researcher does next
• Defender takeaways: detection guidance, hardening principles, and how to validate your existing controls against this class of technique

Why this webinar is different?

Most security sessions teach you what to do. This one teaches you how to think.

The research behind this session is original TrainSec material. It connects a single researcher observation to a software pattern that runs across hundreds of widely deployed Electron applications. It shows how that observation became recognized research. And it includes the parts most presentations skip: the uncertainty, the instincts, the doubt, the persistence, and the disclosure process.

If you work in malware analysis, detection engineering, red teaming, or security research, you will leave with a mental model for investigation that does not expire when the next CVE drops.

Who this is for?

• Malware analysts who want to understand real evasion paths and how legitimate software behavior becomes an attack surface
• SOC analysts and detection engineers who want to think beyond signatures and static indicators
• Reverse engineers who want to understand the full research arc, not just the technical output
• Red teamers who want to understand proxy execution from a research and defense perspective
• Cybersecurity students who want to see how a researcher actually thinks, not just how a tool works
• Security leaders who need a clearer picture of why allow-listing and EDR controls must be validated against modern abuse techniques