security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1176/T1176.md
T
CircleCI Atomic Red Team doc generator 6e0c26b97c Generate docs from job=validate_atomics_generate_docs branch=master
2019-09-03 20:11:38 +00:00

76 lines
2.7 KiB
Markdown
Raw Blame History

# T1176 - Browser Extensions
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1176)
<blockquote>Browser extensions or plugins are small programs that can add functionality and customize aspects of internet browsers. They can be installed directly or through a browser's app store. Extensions generally have access and permissions to everything that the browser can access. (Citation: Wikipedia Browser Extension) (Citation: Chrome Extensions Definition)
Malicious extensions can be installed into a browser through malicious app store downloads masquerading as legitimate extensions, through social engineering, or by an adversary that has already compromised a system. Security can be limited on browser app stores so may not be difficult for malicious extensions to defeat automated scanners and be uploaded. (Citation: Malicious Chrome Extension Numbers) Once the extension is installed, it can browse to websites in the background, (Citation: Chrome Extension Crypto Miner) (Citation: ICEBRG Chrome Extensions) steal all information that a user enters into a browser, to include credentials, (Citation: Banker Google Chrome Extension Steals Creds) (Citation: Catch All Chrome Extension) and be used as an installer for a RAT for persistence. There have been instances of botnets using a persistent backdoor through malicious Chrome extensions. (Citation: Stantinko Botnet) There have also been similar examples of extensions being used for command & control (Citation: Chrome Extension C2 Malware).</blockquote>
## Atomic Tests
- [Atomic Test #1 - Chrome (Developer Mode)](#atomic-test-1---chrome-developer-mode)
- [Atomic Test #2 - Chrome (Chrome Web Store)](#atomic-test-2---chrome-chrome-web-store)
- [Atomic Test #3 - Firefox](#atomic-test-3---firefox)
<br/>
## Atomic Test #1 - Chrome (Developer Mode)
**Supported Platforms:** Linux, Windows, macOS
#### Run it with these steps!
1. Navigate to [chrome://extensions](chrome://extensions) and
tick 'Developer Mode'.
2. Click 'Load unpacked extension...' and navigate to
[Browser_Extension](../t1176/)
3. Click 'Select'
<br/>
<br/>
## Atomic Test #2 - Chrome (Chrome Web Store)
**Supported Platforms:** Linux, Windows, macOS
#### Run it with these steps!
1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
in Chrome
2. Click 'Add to Chrome'
<br/>
<br/>
## Atomic Test #3 - Firefox
Create a file called test.wma, with the duration of 30 seconds
**Supported Platforms:** Linux, Windows, macOS
#### Run it with these steps!
1. Navigate to [about:debugging](about:debugging) and
click "Load Temporary Add-on"
2. Navigate to [manifest.json](./manifest.json)
3. Then click 'Open'
<br/>
Reference in New Issue View Git Blame Copy Permalink