What does a trojan look like when it has over 900k combined installs and a Forbes write-up? Exactly like a legitimate Chrome extension.
This session presents a line-by-line source code dissection of two Chrome extensions, with over 900k active installs, that operated as trojans through entirely legitimate browser APIs while evading detection at scale. We'll show exactly how the malicious functionality was built, concealed, and executed, and what defenders missed and why.
That technical foundation anchors a broader analysis of how modern compromises actually succeed: which attack techniques are delivering the highest adversary return today, which defensive assumptions they exploit, and which mitigations are measurably reducing risk versus quietly consuming budget.
Attendees leave with a working defensive prioritization framework grounded in observed attacker behavior — not theoretical threat models.
Source material: Direct extension source code analysis corroborated by Forbes and other established outlets.
What this is not: A vendor pitch, a speculative threat narrative, or a surface-level breach retrospective.