Explore a comprehensive security analysis of VPN Always-On technology in this DEF CON 31 conference talk that examines both offensive and defensive aspects of this critical mobile endpoint security control. Dive deep into Windows API functionality and popular VPN software implementations to understand how this feature prevents data leaks and reduces attack surface for corporate devices on untrusted networks. Learn about various exfiltration methods ranging from complex techniques to surprisingly simple bypass tricks that exploit design flaws, implementation weaknesses, and configuration issues. Gain practical insights into hardening VPN Always-On deployments and implementing more robust security measures to better protect against threats from untrusted networks.