Stealthy Data Exfiltration via TLS Handshake
Rakesh Seal unveils a zero-day TLS covert channel that exfiltrates data by permuting handshake parameters, bypassing multiple leading firewalls with no anomalous footprints, in IEEE award-winning research disclosed to CISA, GSMA and 100+ vendors.
What if an attacker could exfiltrate sensitive data through your next-generation firewall without touching a single byte of encrypted payload? In this session, Keysight Technologies' Rakesh Seal presents original IEEE award-winning research revealing a zero-day covert channel built entirely within the TLS Client Hello handshake - no payload modification, no anomalous network footprints.
In this session, you will learn:
- How permuting the order of TLS extensions and cipher suites encodes and transmits data invisibly, mimicking Chrome and Firefox's JA3 fingerprint-evasion behavior to leave no anomalous network footprints;
- How the technique fared against leading firewalls in lab testing, with all five encoding variants bypassing Cisco Firepower, four of five bypassing FortiGate, and combination encoding succeeding on Palo Alto where permutation encoding was blocked;
- What responsible disclosure to CISA, GSMA and 100+ vendors revealed, and the short- and long-term mitigations available to security teams defending against protocol-layer covert channels.
Here is the course outline:
Stealthy Data Exfiltration Exploiting TLS Handshake With Next-Generation Firewalls
Completion
The following certificates are awarded when the course is completed:
CPE Credit Certificate
