Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn to identify and assess security risks in browser extensions through this conference talk from Recon Village at DEFCON 33. Discover how browser extensions represent a largely unmonitored threat surface in enterprise environments, with capabilities to read and modify web content, access sensitive data, run arbitrary scripts, and update silently in the background. Explore ExtHuntr, an open-source tool designed to scan installed browser extensions, analyze their permissions and behavior, and generate risk scores to help security teams triage and respond effectively. Understand how extensions are abused in the wild, why even popular and trusted store-listed plugins can suddenly turn malicious, and why store reputation alone proves unreliable as a security control. Gain practical skills in discovering and inventorying browser extensions across user machines at scale, analyzing extension permissions and behaviors to detect over-privileged or suspicious add-ons, and understanding real-world abuse patterns including malicious updates and data exfiltration. Master ExtHuntr's risk scoring logic to prioritize high-risk extensions for review or removal, and learn integration strategies for enterprise workflows and deployment approaches for continuous monitoring of browser extensions across organizational fleets.
