ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen. Any user that has screen and keyboard access to a shell (CLI, GUI or browser) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access (VPN, VDI, ..) and End Point Security (DLP, AV, ..) architectures have no effect on the outcome. In this session I will take you from first principles to a full exploitation framework. At the end of the session you'll learn how build on this unidirectional file transfer and augment the solution into a full duplex communications channel (a virtual serial link) and then a native PPP link, from an user owned device, through the remote enterprise-controlled screen and keyboard, to the most sensitive infrastructure in the enterprise. In this special DEF CON presentation I will also be releasing the new high-speed data exfiltration tool, hsTGXf. This is an exciting and cross-discipline presentation that picks up the story in the DEC VT220 terminal era and will take you on a journey to exploiting modern enterprise security architectures. So join me, whatever your knowledge or skill-set and learn something interesting!