/, Emerging Threats/Covert Channels in X.509 Digital Certificates

Covert Channels in X.509 Digital Certificates

A security researcher, who last year demonstrated that X.509 certificate exchanges could carry malicious traffic, has now published his proof-of-concept code (here).

Fidelis Cybersecurity’s Jason Reaves has disclosed a covert channel that uses fields in X.509 extensions to sneak data out of corporate networks.

The X.509 standard defines the characteristics of public key certificates, and anchors much of the world’s public key infrastructure; for example, it defines the certificates exchanged at the start of a TLS session.

View the original article at the Fidelis blog site by clicking the button below.

Read More
By | 2018-02-18T15:43:00+00:00 February 18th, 2018|Academic Research, Emerging Threats|

Leave A Comment