< NULLCON Goa - 2026 />

About the Speaker

Sunkugari Tejeswara Reddy
Security Researcher, SquareX
Pankaj

< Talk Title />

Inside the Browser — Exploiting, Detecting & Containing Malicious Extensions in Modern Web Ecosystems

< Talk Category />

Workshop

< Talk Abstract />

Modern browsers have evolved into the most critical security boundary inside enterprise environments. They manage authentication tokens, handle sensitive business workflows, run complex JavaScript/WASM applications, and rely on a rapidly expanding ecosystem of MV3 extensions—many with privileges unavailable to normal web applications. This shift has made browser extensions one of the most powerful and least-monitored attack surfaces.
Attackers are increasingly exploiting this blind spot through stealthy, malicious, and polymorphic extensions capable of persistence, credential theft, OAuth manipulation, download interception, and lateral movement—all while evading traditional endpoint defenses.
This 2-hour hands-on workshop provides a practical deep dive into how extension-based attacks are built, mutated, and detected. Participants begin by constructing a benign MV3 extension and progressively transform it into a controlled malicious implant. The workshop covers the attacker techniques seen in real-world campaigns, including conditional triggers, randomized logic paths, hidden data flows, runtime mutation, OAuth-flow abuse, download interception, and autofill credential theft.
By the end, attendees will understand modern browser trust boundaries, extension internals, and client-side exploitation models, along with a repeatable methodology for forensic investigation, detection, and enterprise-level containment of malicious or polymorphic extensions. This training is ideal for security engineers, red/blue/purple teams, DFIR analysts, researchers, and browser/extension developers.

< Speaker Bio />

Tejeswar Reddy is a security researcher at SquareX and a CSE graduate of the prestigious IIT. He has developed adversarial simulation toolkits that recreate sophisticated browser-based attacks, from social engineering to phishing and malicious extensions.