A repository for researching the security of Visual Studio Code extensions. It includes proof of concept code to demonstrate how an adversary can leverage a malicious extension to access local and remote systems.
- Abusing VSCode: From Malicious Extensions to Stolen Credentials (Part 1)
- Abusing VSCode: From Malicious Extensions to Stolen Credentials (Part 2)
With ❤ from ControlPlane