Introducing The Browser Security Field Manual

SquareX Book

SquareX’s newest book, The Browser Security Field Manual, distills years of security experience into actionable intelligence on the sophisticated Tactics, Techniques, and Procedures (TTPs) attackers use to compromise organizations through employees' browsers.


With limited copies, the book is available only to CISOs and security leaders. If you're attending Black Hat USA 2025, meet our team at Booth #6825 to get your copy!


If you're not attending, click below to join our waitlist, and get notified when copies are available.

"As security leaders, we cannot afford to wait for the security industry to catch up. The threat landscape is evolving faster than existing vendor roadmaps, and the gap between browser complexity and security visibility continues to widen."

— Vivek Ramachandran, Author and SquareX Founder

Book Signing Events at Black Hat and DEF CON

The book authors — SquareX Founder Vivek Ramachandran and Audrey Adeline, SquareX Researcher — are also giving away exclusive autographed copies at our book signing events. Catch them live at:

Black Hat USA 2025

📍 Breakers Registration 1 & 2, Across the Black Hat Bookstore

📆 August 7th

🕒 3:00pm-3:30pm

DEF CON 33

📍 LVCC L1, Exhibit Hall West 4, V301 Book Signings - Table 4

📆 August 9th

🕒 3:00pm-4:00pm

Learn Bleeding-Edge Techniques, Co-Authored by Industry Veterans

The Browser Security Field Manual systematically guides practitioners through the techniques attackers are using to target employees in the browser, covering everything from common to bleeding-edge techniques, including sample code snippets and case studies of such attacks unfolding in real life. Major threat vectors covered include:


- Advanced spearphishing techniques

- Malicious browser extensions

- Browser data loss

- Identity attacks

- Browser-native ransomware


This book is also the industry's first resource to be co-authored by leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future:

"Security teams often spend a lot of time focusing software vulnerabilities and hardening endpoints, forgetting a fundamental attacker philosophy: always pick the past of least resistance.


In the modern enterprise, that path is employees. Specifically, employee identities in the browser."

“We are obsessed with locking down our enterprise devices and controlling every single thing users download, install and extract from the device.


Yet, when it comes to the browser, most enterprises have no idea what SaaS apps and extensions employees are using, much less how they are interacting with them.”

Rahul Kashyap

Fmr. CISO at Arista Networks

Rathi Murthy

CTO of Varo Bank, Fmr. CTO of Expedia, Gap, & Verizon

About the Authors

Audrey Adeline

Researcher, SquareX

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX, which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in Natural Sciences.

Vivek Ramachandran

Founder and CEO, SquareX

Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies.

The Industry's First Browser-Native Security Solution

SquareX’s extension turns any browser on any device into an enterprise-grade secure browser. SquareX is the only solution that combines all three key components of browser security in a single platform:


  • Browser Detection and Response to detect & mitigate web attacks including identity attacks, malicious extensions, advanced spearphishing attacks and malicious files
  • Enterprise browser to provide secure access to enterprise apps including VDI reduction, BYOD, 3rd party contractors and remote workers
  • Browser DLP including GenAI DLP, clipboard DLP, file DLP, insider attacks and data exfiltration attacks

The lightweight browser extension is compatible with all major browsers, including Chrome, Edge, Safari and Firefox, and can be easily deployed across both managed and unmanaged devices.