The TLS handshake can be used to hide messages by changing the order of parts. An update helps teams test systems and prepare for attacks.
Keysight’s Application and Threat Intelligence (ATI) team has discovered a method that allows attackers to misuse the TLS handshake to bypass security systems. By reordering parameters in the TLS Client Hello message—without inserting code—attackers can create a covert communication channel. This method is hard for firewalls and intrusion prevention systems to detect, making it a risk across networks that rely on TLS for communications.
To address this, Keysight has added the exploit to its ATI update. This allows organizations to simulate the method in a lab environment, evaluate whether their security tools can detect it, and test the impact of different responses before applying them to systems. This helps identify gaps in defenses and supports planning.
The update enables companies, service providers, and vendors to assess their systems against an attack that misuses TLS—the protocol designed to protect data—as a tool for communication. By testing in advance, teams can prepare for this threat and reduce risk.
This update reflects Keysight’s approach to cybersecurity. The ATI team is focused on identifying threats and adding them to test content so users can stay current. The inclusion of the TLS exploit supports this, giving users tools to strengthen defenses.
The ATI platform provides access to threat intelligence created by specialists in reverse engineering, malware analysis, and vulnerability research. These insights, not found in other platforms, help teams detect threats and respond.
Alongside threat intelligence, ATI offers a library of simulations. It includes over 10,400 strikes and evasions—now with the TLS exploit—as well as over 200,000 malware samples per day and over 75 simulated DDoS attacks. This helps teams test scenarios.
For performance testing, the platform includes over 840 applications, 410 application profiles, and 5,100 Superflows. It can handle traffic up to 12 Tbps, making it suitable for testing security and network performance.
ATI also supports configurations. Security teams can adjust strike and evasion patterns to reflect attack techniques. Updates—bi-weekly ATI rollups and daily malware feeds—ensure the platform stays current. All content is included under one license, with no tiers or costs.
By integrating the TLS exploit into its platform, Keysight gives defenders a way to simulate and understand a class of threats. It helps improve system readiness and stay ahead of attacks that use encryption protocols in unintended ways.
