Researchers at Fidelis Cybersecurity have identified a new technique for covertly exchanging data using X.509 digital certificates. The method builds on previous research involving the abuse of text fields in digital certificates to move data across a network. It takes advantage of the way digital certificates are exchanged during the initial TLS handshake, or the mutual authentication process that happens when two systems attempt to establish or resume a secure session with each other. The approach could be used to bypass security systems that do not check certificate extensions for abnormal content.”]