All that glitters isn't Chrome: Hunting for suspicious browser extensions

BSidesLV 2019

Presented by: Mike Sconzo
Date: Wednesday August 07, 2019
Time: 17:30 - 17:55
Location: Ground Truth

Browser (Chrome) extensions can often be overlooked in an enterprise environment. They offer would-be attackers’ access to all sorts of potentially sensitive information. In order to find interesting ones there are a number of tools and data analysis techniques available. Some of these tools and techniques will be covered so you can hunt through your organizations Chrome extensions in a meaningful way, and understand the risk they pose.

Mike Sconzo

Mike Sconzo has been around the Security Industry for quite some time, and is interested in creating and implementing new methods of detecting unknown and suspicious network activity as well as different approaches for file/malware analysis. This includes looking for protocol anomalies, patterns of network traffic, and various forms of static and dynamic file analysis. He works on reversing malware, tool creation for analysis, and threat intelligence. Currently a lot of his time is spent doing data exploration and tinkering with statistical analysis and machine learning to solve detection and threat intelligence related problems.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats