Security Operation Assessment
Risk Assessment Scale
Low Risk (Stealthy)
Medium Risk (Moderate Detection)
High Risk (Noisy)
Cookie Extraction
Data Collection
LOW RISK
Operation Profile
- Uses standard browser APIs
- No suspicious network traffic
- Minimal system resource usage
- Common browser operation pattern
Detection Vectors
- Cookie access monitoring
- Extension permission alerts
- Data exfiltration patterns
Screenshot Capture
Visual Intelligence
MEDIUM RISK
Operation Profile
- Higher memory usage during capture
- Generates larger data payloads
- Requires explicit permissions
- Visual indicator in some browsers
Detection Vectors
- Screen capture indicators
- Memory usage spikes
- Large data transfers
DOM Snapshot
Visual Intelligence
HIGH RISK
Operation Profile
- Heavy DOM manipulation
- High CPU usage during capture
- Large data serialization
- Extensive resource tracking
Detection Vectors
- Performance monitoring alerts
- DOM mutation observers
- Resource usage anomalies
- Network traffic patterns
History Collection
Data Collection
MEDIUM RISK
Operation Profile
- Bulk data access patterns
- Moderate network traffic
- Database-like access patterns
- Permission-intensive operation
Detection Vectors
- History API access monitoring
- Bulk data transfer detection
- Permission change alerts
Clipboard Monitoring
Monitoring
HIGH RISK
Operation Profile
- Continuous event monitoring
- Frequent API access
- Regular data exfiltration
- Active content inspection
Detection Vectors
- Clipboard access notifications
- Continuous monitoring alerts
- Regular network patterns
- Permission abuse detection
Bookmarks Collection
Data Collection
MEDIUM RISK
Operation Profile
- Single API call for complete tree
- Moderate data payload size
- Requires bookmarks permission
- One-time bulk data access
Detection Vectors
- Permission grant alerts
- Bulk data transfer patterns
- Extension API monitoring
- Network traffic analysis
System Enumeration
Monitoring
HIGH RISK
Operation Profile
- Deep system inspection
- Hardware capability scanning
- Extension enumeration
- Security software detection
Detection Vectors
- Hardware API access alerts
- Extension scanning detection
- Anti-VM checks flagging
- Security tool enumeration alerts