Be Fearless Online: In Browser Malicious File Detection Part 4

About the Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining ⁠ SquareX⁠, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.

Episode Summary: In this highly informative episode of the Philip Wylie Show, we dive into the pertinent topic of online security. Together with Shourya Pratap Singh from Squarex, we explore the intricacies of malicious file detection and examine the latest advancements Squarex has incorporated to bolster digital safety. From password-protected archives to deceptive file naming practices, this episode sheds light on the multi-layered defense strategies designed to ward off cyber threats. Shourya explains how Squarex has evolved its scanning abilities, focusing on zip files and extending its malicious document detection features to manage complex archives, including encrypted and recursively nested zip files. By integrating innovative capabilities directly within the browser, Squarex enables users to seamlessly scan for potential threats without compromising the security of their data. The discussion extends to how Squarex handles password retrieval from email bodies to automate the scanning process, showcasing the company's forward-thinking approach to cybersecurity. The episode also reveals Squarex's latest feature developments, such as the Download Interceptor, which provides users with additional layers of protection against unwittingly executing harmful downloads.

Key Takeaways:

• Squarex has enhanced its platform to detect malicious content within zip files, including password-protected and recursively nested archives.
• The download interceptor feature within Squarex offers capabilities such as blocking downloads, ensuring users can review security scans before proceeding.
• Squarex can automatically use passwords found in email bodies to scan encrypted files seamlessly, maintaining user convenience without compromising security.
• Attackers' methods, such as renaming zip files or using multiple layers of encryption, can be thwarted with Squarex's comprehensive scanning features.
• The cybersecurity landscape demands defenders to be always vigilant, as showcased by Shourya's assertion that "attackers have to win only once, but whoever is trying to protect you has to win every time." Resources: Get your free SquareX Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠ ⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠ ⁠⁠https://twitter.com/getsquarex⁠⁠ ⁠⁠https://www.instagram.com/getsquarex/sible.