Electron applications

Winsage
December 5, 2025
Native Windows apps, once central to the desktop experience, are declining in favor of web-based technologies like Electron and Chromium. Developers are shifting towards web wrappers for cross-platform compatibility and efficiency, despite performance drawbacks. WhatsApp has transitioned from a native app to a web wrapper, prioritizing maintenance over performance. This trend is evident across various software categories, with applications like Spotify and Slack adopting web frameworks, leading to increased resource consumption and slower performance. Microsoft’s focus on cloud services and AI has influenced this shift, as has the demand for cross-platform solutions. Native apps are being overshadowed by web technologies, which often lack deep integration with Windows features. Performance trade-offs are significant, with web wrappers consuming more memory than native apps. The rise of progressive web apps (PWAs) and AI integration further complicates the landscape, suggesting a future where the definition of "native" may evolve. The tech community is divided on these changes, with some advocating for a balance between web and native solutions.
Winsage
March 18, 2025
Microsoft's Windows Defender Application Control (WDAC) has become a target for cybersecurity researchers, with bug bounty payouts for successful bypasses. IBM's X-Force team reported various outcomes from WDAC bypass submissions, including successful bypasses that lead to potential bounties, those added to the WDAC recommended block list, and submissions without recognition. Notable contributors like Jimmy Bayne and Casey Smith have made significant discoveries, while the LOLBAS Project has documented additional bypasses, including the Microsoft Teams application. The X-Force team successfully bypassed WDAC during Red Team Operations using several techniques: leveraging known LOLBINs, DLL side-loading, exploiting custom exclusion rules, and identifying new execution chains in trusted applications. Electron applications, which can execute JavaScript and interact with the operating system, present unique vulnerabilities, as demonstrated by a supply-chain attack on the MiMi chat application. In preparation for a Red Team operation, Bobby Cooke's team explored the legacy Microsoft Teams application, discovering vulnerabilities in signed Node modules that allowed them to execute shellcode without triggering WDAC restrictions. They developed a JavaScript-based C2 framework called Loki C2, designed to operate within WDAC policies and facilitate reconnaissance and payload deployment. A demonstration of Loki C2 showcased its ability to bypass strict WDAC policies by modifying resources of the legitimate Teams application, allowing undetected code execution. The ongoing development of techniques and tools by the X-Force team reflects the evolving cybersecurity landscape and the continuous adaptation required to counter emerging threats.