Many of us travel for work, and as such, we must connect to a number of untrusted networks in order to stay on top of things. These public networks, while seemingly non-threatening, can be a hostile environment with malicious users seeking to extract any sensitive data they can, such as credit card information, personal information, and passwords. Some may say that this is unlikely, and that if there was a malicious user on a public network, they would be protected with the use of encrypted services. However, I would argue that this is not the case at all. Often adverse agents will use “passive” monitoring techniques to intercept data being sent over the network. This can be accomplished with any packet sniffing tool but will only allow an attacker to see traffic that is “in the clear” or unencrypted. If an attacker intends to intercept data transported via TLS, SSL, HTTPS, or from encrypted services like Gmail, Slack, or Dropbox, they need a way to subvert the in-transport data protection mechanisms.