Circumventing the Guardians - How the Security Features in State-of-the-Art TLS Inspection Solutions Can Be Exploited for Covert Data Exfiltration

Explore a new stealthy method of data exfiltration that bypasses security solutions designed to detect such attacks in this 26-minute Black Hat conference talk. Delve into the SNIcat exfiltration technique, which circumvents security perimeter solutions performing TLS inspection. Learn about TLS inspection devices, simple TLS handshakes, command and control structures, agent functionality, traffic capture methods, and core operational aspects of this technique. Examine potential mitigation and detection strategies, and witness a practical demonstration of the Sneakout tool in action. Gain valuable insights into advanced cybersecurity threats and defensive measures from speakers Matteo Malvica and Morten Marstrander.

Introduction
Who am I
Agenda
Background
Snicket
TLS Inspection Devices
Simple TLS handshake
Whats next
Command and Control
Agent and C2
Traffic Capture
Core Functionality
Mitigation Detection
Conclusion
Sneakout
Demo Environment
Demo Client
Outro