In this episode, we’re digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We’ll break down how these extensions work, why they’re so dangerous, and what IT leaders can realistically do about it.

Check out these resources:

Annex - Enterprise Software Extension Security & Management

https://crxaminer.tech/

https://x.com/tuckner

https://x.com/IceSolst

[email protected]

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com

Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.