johntuckner.me
Working on finding bad browser extensions. More at: https://secureannex.com

Traveling to NYC for SnooSec next week. Am I going to see anyone there?

A good summary of the Material Theme IDE extension situation this past week andrews.substack.com/p/re-vscode-...

Check out Red Canary's latest threat report covering the increased use of browser extensions as an attack vector. redcanary.com/blog/threat-...

Tomorrow I'm talking with Ken Westin of LimaCharlie about the new Secure Annex plugin that brings enrichment to browser extensions seen by their agent. No more lists of extensions in use across multiple browsers and manually reviewing when you could have everything available.

One of the hardest parts of managing browser extensions is being notified when they change unexpectedly. Secure Annex now does proactive alerting on a key set of extension related changes like ownership, visibility, and disposition.

Monitoring is released now. Two extensions for everyone. More next week! 🤫♥️

Getting pretty excited for the extension monitoring features so organizations can be alerted to new owners, if an extension's disposition changes, version updates and much more. A couple screenshots for sneak peeks. If this sounds interesting to you, please get in touch!

If you use Elastic, @acjewitt.bsky.social wrote up how you can use their osquery based agent to get an inventory of browser extensions in your environment allowing you to know what is installed by your users no matter what browser. More with Elastic to come 👨‍🍳

It must be embarrassing to join Signal now

Great research from Palant on how extensions are still loading and executing remote code in extensions with manifest v3. The dynamic declarativeNetRequest is dangerous and often removes 'Content-Security-Policy' headers, leaving users exposed. https://palant.info/2025/02/03/analysis-of-an-advanced-mal…

F

I've always been driven to make tools that the community can adopt easily which solve real problems. It's been so encouraging to see folks adding the @secureannex.com enrichment APIs to their projects.

With the Secure Annex plugin for LimaCharlie, you can now run detection & response rules against the browser extensions. Not just to detect what permissions they use, but their categories, vulnerabilities, and if they have a low rating in the webstore! https://github.com/secureannex/limacharlie-ru…

Secure Annex can now be used directly from within @limacharlie.io's SecOps Cloud Platform. Installed agents give visibility into extensions utilized and are now enriched. These attributes can be used to run D&R rules for immediate response to issues. https://limacharlie.io/blog/automating_browser_e…

Neat new project called ExtensionHound which looks at network connection artifacts left by browser extensions allowing teams to understand what domains are being contacted even when they're dynamically passed instead of being hardcoded in the extension.

Turns out it wasn't priced in

The extension Reader Mode, which was identified as selling the clickstream data of 300,000 users to two different companies, has removed both of the known libraries as of January 5th. The published user count dipped to 200,000 over the past month. Going to call that progress.

Google launched a new enterprise Chrome Web Store experience this week. Some of the highlights:
- Promote 'trusted' extensions
- Blocking extensions based on tags
- Force uninstall an extension
- Exporting of risk scores
https://cloud.google.com/blog/products/chrome-enterp…

One point from the Cyberhaven incident was that the extension was controlled remotely by attacker configuration. MV3 removed the ability to run remote scripts. Extensions are required to have their code defined in the package now, but the configurations can still be dynamic.

Ever wondered the reason why the extension you actually want is buried in the Chrome Web Store search results? Turns out it is because other publishers can stuff keywords into the files used to support other languages in order to increase the ranking.

Almog nailed this quick overview of browser extension management maturity. Explaining these stages has come up frequently for me over the past couple of weeks. Would a more detailed and in depth maturity model be helpful for folks just starting to get a handle on browser extensions?

Thank you Dark Reading for the latest feature of @secureannex which provides actionable steps teams can take moving forward after mass scale extension compromises hit many organizations.

Did you know that browser extensions can talk to each other? It needs to be explicitly configured for an extension to receive a message from another, but each extension isn't necessarily isolated from the others you might have installed. Has anyone ever seen this used for 'fun'? 😈

Browser extension management isn't a set it and forget it solution. There is an explosion of sales and AI tools that run as browser extensions which your users will request. Use @secureannex.com and @tineshq.bsky.social to provide context to admins so they can evaluate requests accurately

Working towards making extensions more accessible altogether, but for now making the manifests available via an API so perhaps folks can run detection rules more easily than having to dig up a file from a host or some other gnarly alternative.

Mike makes some ridiculously cool solutions with Google SecOps and I'm flattered to be a part of his latest! Can't beat real time enrichment in one of the best large security data platforms out there. https://buff.ly/4gOHhm8

If you're starting the week looking at setting up Chrome extension allowlists and request workflows, I have a blog on setting up the request notifications to help make it easier!

🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System! Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features. #InfoSec #DFIR #IncidentResponse #SecOps #Notion

I worked with ArsTechnica to get a detailed assessment of the Cyberhaven incident out there including how we stumbled upon another suspicious behavior and steps organizations can take after this whole thing. arstechnica.com/security/202...

We're back with Defender Fridays tomorrow at 10:30am PT / 1:30pm ET - Matt Bromiley from LimaCharlie will talk about safe browser extensions. Come join the conversation! limacharlie.io/defender-fri...