Most browser extensions look harmless—but many silently abuse their permissions to track users, exfiltrate data, and bypass enterprise controls. In this live webinar, we’ll show you how malicious extensions operate behind the scenes, and how SquareX uses advanced static and dynamic analysis to uncover what they’re really doing.

Led by SquareX's Head of Cybersecurity Research Nishant Sharma, this webinar covers:

• Why permissions aren’t the full story — and how attackers exploit them without raising flags
• What dynamic behavior analysis reveals — from stealthy keystroke logging to covert network exfiltration
• How our platform works — see real-time extension inspection, sandbox execution, API tracing, behavioral fingerprinting and more
• How to separate useful extensions from dangerous ones — using transparent, explainable risk scores
• How to operationalize this insight — through policies, automation, and user awareness at scale

👤 Who Should Attend

• Security Analysts & Engineers
• CISOs & IT Risk Managers
• SOC & Incident Response Teams
• Browser Extension Developers
• Privacy-Conscious Users and Advocates

🔍 Live Demo Highlights

• Analyze browser extensions with suspicious permissions and hidden functionality
• Monitor runtime activity: API and Network calls, clipboard reads, background task abuse
• Visualize behavior timelines and drill into activity logs
• Generate easy-to-read extension risk reports for your team

🛠 Key Platform Capabilities

• Hybrid Static + Dynamic Analysis Engine — combining code inspection with runtime behavior monitoring
• Real-Time API & Network Activity Tracing — reveals intent and action
• Risk Score with Transparent Justification — not just a number, but the “why”
• Sandbox Execution — test extensions in isolated environments
• Enterprise Policy & Alerting Framework — whitelist/blacklist, permission thresholds, usage monitoring

Head of Cybersecurity Research, SquareX

Nishant Sharma leads Cybersecurity Research at SquareX, where he focuses on advancing defenses across browser and enterprise security domains. With over a decade of experience in cybersecurity R&D, Nishant previously served as VP of Labs R&D at INE and led research at Pentester Academy, architecting thousands of hands-on labs in host, network, and cloud security on AWS, GCP, and Azure—used by learners in over 125 countries. A seasoned trainer and frequent speaker at DEF CON, Black Hat, and OWASP events, he has delivered over 15 public talks, authored 10+ technical trainings, and released multiple open-source tools. His current interests lie in innovating defensive security for modern enterprise environments.