Explore offensive browser extension development techniques in this 51-minute conference talk from Derbycon 2018. Delve into the WebExtension API, understanding its significance and potential for abuse. Learn about malicious extensions in the wild, basic extension structure, and permissions. Discover methods for hiding malicious behavior, including code obfuscation techniques. Examine extension command and control, cloning extensions, and the process of submitting to web stores. Analyze Google Web Store and Mozilla Add-ons Store submission processes. Investigate Chrome inline installations, social engineering tactics, and installation pretexts. Gain insights into Chrome external installs, secure preferences, and post-exploitation Chrome apps. Explore native messaging capabilities and access a comprehensive code dump for practical implementation.