Abstract: A method for concealing threat detection and notification code in a website code base comprises maintaining at least one beacon within the website code base. Each beacon is disguised as code for a resource request, and is adapted to transmit at least one signal identifying misappropriation of the website code base. In some embodiments, a first beacon transmits a signal identifying misappropriation of the website code base, and a second beacon transmits a signal identifying tampering with the first beacon.

Abstract: Methods, systems, and techniques for analyzing a web browser extension are disclosed. A method of analyzing a web browser extension comprises: obtaining source code of the web browser extension; analyzing the source code to determine a risk posed by the web browser extension; and generating an indication of risk posed by the web browser extension based on the analysis of the source code.

Abstract: Methods, systems, and techniques for facilitating identification of electronic data exfiltration. A message transmission log and screenshot metadata are obtained. A screenshot corresponding to the screenshot metadata is matched to a sent electronic message, such as an email, having a file attachment represented in the message transmission log to generate an event. The screenshot metadata indicates that the screenshot was captured prior to when the message transmission log indicates the electronic message was sent. An anomaly score is determined for the sent electronic message is determined by applying unsupervised machine learning, such as by applying an isolation forest, to score the sent electronic message relative to a baseline. The anomaly score meeting or exceeding an anomaly threshold is treated as potentially being indicative of electronic data exfiltration.

Abstract: Methods, systems, and techniques for facilitating identification of electronic data exfiltration. A message transmission log and screenshot metadata are obtained. A screenshot corresponding to the screenshot metadata is matched to a sent electronic message, such as an email, having a file attachment represented in the message transmission log to generate an event. The screenshot metadata indicates that the screenshot was captured prior to when the message transmission log indicates the electronic message was sent. An anomaly score is determined for the sent electronic message is determined by applying unsupervised machine learning, such as by applying an isolation forest, to score the sent electronic message relative to a baseline. The anomaly score meeting or exceeding an anomaly threshold is treated as potentially being indicative of electronic data exfiltration.