BTLO – Investigation: Exxtensity


Browser extensions are a persistent mechanism to access victim’s system. The company decided to check all of the browser extensions in use in the employees’ devices to make sure they are not using any malicious browser extension. We have kept some of the suspicious extension in the Desktop. Please analyze them and report to us.

Reading Material:

Scenario Description
Restricted Content
This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.


Pretty easy lab, learned a little bit more about GPO/Registry keys for blacklisting extensions and also using Powershell to investigate possibly malicious extensions.


No comments available.

Leave a Reply

Your email address will not be published. Required fields are marked *