Circumventing the Guardians - How the Security Features in State-of-the-Art TLS Inspection Solutions Can Be Exploited for Covert Data Exfiltration

Explore a new stealthy method of data exfiltration that bypasses security solutions designed to detect such attacks in this 26-minute Black Hat conference talk. Delve into the SNIcat exfiltration technique, which circumvents security perimeter solutions performing TLS inspection. Learn about TLS inspection devices, simple TLS handshakes, command and control structures, agent functionality, traffic capture methods, and core operational aspects of this technique. Examine potential mitigation and detection strategies, and witness a practical demonstration of the Sneakout tool in action. Gain valuable insights into advanced cybersecurity threats and defensive measures from speakers Matteo Malvica and Morten Marstrander.