this browser hack can steal everything

Breaking down this insane Polymorphic Browser Extension hack

I demo that showcases a sophisticated technique involving polymorphic browser extensions. This method highlights the potential risks posed by browser extensions with extensive permissions, demonstrating how a malicious extension can masquerade as a legitimate one like 1Password to steal sensitive information.

00:00 Introduction to a Jaw-Dropping Hacking Demo
00:42 Understanding Polymorphic Extensions
02:04 Phases of the Attack
03:40 Live Demo of the Attack
06:36 Personal History and Early Research
10:09 Real-World Examples and Implications
12:46 Security Recommendations and Conclusion

The Polymorphic Extension research - https://labs.sqrx.com/polymorp....hic-extensions-dd231

My 2011 BlackHat talk - https://youtu.be/KiE6VNjW8ic?si=AijtpDbuatMA2rAR

MY OTHER SOCIALS
🌎Website / Blog https://www.vulnu.com/
📰Newsletter / https://www.vulnu.com/subscribe/
📷 Instagram / https://www.instagram.com/mattjayy
🐦Twitter / https://x.com/mattjay
🔗LinkedIn / https://www.linkedin.com/in/matthewjohansen/
🦋 Bsky / https://bsky.app/profile/mattjay.com

ABOUT ME
In case we haven’t met yet, I’m your friendly neighborhood security guy 👋 I'm a computer security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Through my podcast, free newsletter, and YouTube channel, I bring you curated cyber security news and personal and professional growth with a mental health cherry on top.