Browser extensions make a good vehicle for attackers as they often run with full user permissions. Additionally, in smaller organizations, employees are often allowed to install whatever browser extensions they want with little to no oversight.

There have been several cases in the past year of major software vendors inadvertently introducing vulnerabilities through browser extensions. Last August, it was reported that 4.7M Chrome users were at risk due to malicious code injected into eight different Chrome extensions. This past November, Cisco's Webex extension - a widely adopted video conferencing platform - was found to have multiple vulnerabilities.

It is easy to see why you'd want to have a quick and reliable way to check on browser extensions. Locating the versions of software installed across your organization isn't so hard, but getting to the browser extensions requires more legwork, whether checking machines manually or with a script. Thankfully, finding browser extensions in osquery is fast and pretty easy because there are tables for Chrome, Safari, Opera and Firefox extensions.

You can continue to follow this post for steps on how to find a browser extension in osquery for a single machine as well as at scale OR if you hate reading, scroll to the end or click the link below to watch a video instead.

Ahhh good, we've got a reader on our hands.

We'll use the Cisco Webex scenario as an example of how to find browser extensions using osquery. The Webex plugin did not affect all operating systems, but investigating it can still serve as a good example of how easy it is to identify browser extensions on Macs and Linux workstations using osquery.

Osquery, by its nature, lets you ask a question and receive a response from a single specified endpoint. I've opened up osqueryi on my Mac to search for the Chrome extension. Then, I look at the osquery table for Chrome extensions, refining it to specifically return extensions containing %Cisco%.

```
osquery> select name, version from chrome_extensions
```

If you are running Firefox, query:

```
select name, version from firefox_addons
```

By default, osquery is going to run the query you pass to it in the context of the user it is running as - in the case of me on my local machine, it's my account. No waiting for a signature to be updated in a definition or IOC package, you just create the SQL yourself and you have your answer.

Finding browser extensions in osquery for your entire enterprise

With this we're able to verify the version on a single machine, but what if you want to take this from a neat trick on your local machine to an actual report on the state of your OS X machines across your enterprise for this vulnerability? While osquery will let you query one machine, commercial grade solutions (transparency alert: I work for Uptycs and this is part of what we do) will let you run this query and uncover vulnerable browser extensions across every machine in your organization - all in a matter of minutes! Here's how to find browser extensions in osquery at scale.
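Because the extension tables above are scoped to the user osquery runs as, a fleet-wide inventory normally joins them against the `users` table so that every local account's profile is checked. The query below is an added example, not from the original post; it assumes osquery runs with enough privilege to read other users' browser profiles, and the `browser` column alias is introduced here for illustration.

```sql
-- Added example: list Cisco-named extensions for every local account,
-- not only the account osquery itself runs as.
-- Assumption: osquery (osqueryi or osqueryd) runs with sufficient
-- privilege, typically root, to read other users' browser profiles.

SELECT
  'chrome'      AS browser,   -- illustrative label, not an osquery column
  u.username,
  ce.name,
  ce.version,
  ce.identifier,
  ce.path
FROM users u
CROSS JOIN chrome_extensions ce USING (uid)   -- one lookup per local uid
WHERE ce.name LIKE '%Cisco%'

UNION ALL

SELECT
  'firefox'     AS browser,
  u.username,
  fa.name,
  fa.version,
  fa.identifier,
  fa.path
FROM users u
CROSS JOIN firefox_addons fa USING (uid)
WHERE fa.name LIKE '%Cisco%'

ORDER BY username, browser;

-- To report only affected installs, add a version condition to each half
-- using the affected version from the vendor advisory, for example:
--   AND ce.version = '<AFFECTED_VERSION>'   -- placeholder, not a real value
-- Version strings compare as text here, so prefer exact matches over < or >.
```

Run as a scheduled query, this returns one row per user and extension, which is the shape needed to aggregate results across machines.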