In the past decade, the widespread adoption of cloud services and SaaS applications has fundamentally changed the way we work. Critical workflows and data are now created and stored in web apps, turning browsers into the primary gateway through which employees conduct both personal and work activities. Despite its central role in the modern workplace, browsers remain one of the least understood attack surfaces in cybersecurity. As attackers increasingly target employees in the browser, it is critical for security practitioners to understand browser-native threats. The Browser Security Field Manual serves as a practical guide to the techniques adversaries are using to compromise organizations through their employees' browsers, including:

• Evolution of the web browser
• Advanced spearphishing techniques
• Malicious browser extensions

• Browser data loss
• Identity attacks
• Browser-native ransomware

Rahul Kashyap

Fmr. CISO of Arista Networks

Rathi Murthy

CTO of Varo Bank, Fmr. CTO of Expedia, Gap, & Verizon

John Carse

Fmr. CTO of Dyson

“We are obsessed with locking down our enterprise devices and controlling every single thing users download, install and extract from the device.

Yet, when it comes to the browser, most enterprises have no idea what SaaS apps and extensions employees are using, much less how they are interacting with them.”

"Security teams often spend a lot of time focusing software vulnerabilities and hardening endpoints, forgetting a fundamental attacker philosophy: always pick the past of least resistance.

In the modern enterprise, that path is employees. Specifically, employee identities in the browser."

"For the past decade, our ransomware defense strategy has centered around inspecting local files and processes. This approach made sense, as up until now, all ransomware resided in the endpoint, making EDRs and anti-ransomware tools a critical component of every enterprise’s security stack. But here's the uncomfortable reality: that world no longer exists."

The book authors — SquareX Founder Vivek Ramachandran and Audrey Adeline, SquareX Researcher — are also giving away exclusive autographed copies at our book signing events. Catch them live at:

Black Hat USA 2025

📍 Breakers Registration 1 & 2, Across the Black Hat Bookstore

📆 August 7th

🕒 3:00pm-3:30pm

DEF CON 33

📍 DEF CON, Las Vegas Convention Center

📆 August 7-10th

🕒 TBD

Researcher, SquareX

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in Natural Sciences.

Founder and CEO, SquareX

Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies.