Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise

Presented at DEF CON 28 (2020) Virtual, Aug. 6, 2020, 4:30 p.m. (30 minutes).

Domain fronting, the technique of circumventing internet censorship and monitoring by obfuscating the domain of an HTTPS connection was killed by major cloud providers in April of 2018. However, with the arrival of TLS 1.3, new technologies enable a new kind of domain fronting. This time, network monitoring and internet censorship tools are able to be fooled on multiple levels. This talk will give an overview of what domain fronting is, how it used to work, how TLS 1.3 enables a new form of domain fronting, and what it looks like to network monitoring. You can circumvent censorship and monitoring today without modifying your tools using an open source TCP and UDP pluggable transport tool that will be released alongside this talk.


Presenters:

  • Erik Hunstad - CTO, SIXGEN
    Erik Hunstad is a security expert and researcher who realized the power of programming and security when he coded an algorithm to reduce the search space of possible Master Lock combinations in RAPTOR. Erik is the CTO and Adversary Emulation Lead at SIXGEN where he specializes in deploying the latest offensive security techniques against customers. He previously worked for the Department of Defense. @SixGenInc

Links:

Similar Presentations: