FlagThis

Abstract

This talk explores the evolution of ransomware from endpoint-based binaries to "browser native" attacks that bypass traditional EDR defenses. By leveraging threat vectors such as OAuth consent hijacking and malicious browser extensions, attackers can gain persistent access to SaaS platforms like Google Drive and Dropbox to exfiltrate and delete data, executing a ransomware attack entirely within the browser and cloud environment.