A Bridge Too Far: Defeating Wired 802.1x with a Transparent Bridge Using Linux

Presented at DEF CON 19 (2011), Aug. 7, 2011, noon (110 minutes)

Using Linux and a device with 2 network cards, I will demonstrate how to configure an undetectable transparent bridge to inject a rogue device onto a wired network that is secured via 802.1x using an existing authorized connection. I will then demonstrate how to set up the bridge to allow remote interaction and how the entire process can be automated, creating the ultimate drop and walk away device for physical penetration testers and remote testers alike.

Presenters:

  • Alva 'Skip' Duckwall - Northrop Grumman, Sr. Cyber Something or other
    Alva 'Skip' Duckwall has been using Linux back before there was a 1.0 kernel and has since moved into the information security arena doing anything from computer/network auditing, to vulnerability assessments and penetration testing. Skip currently holds the following certs: CISSP, CISA, GCIH, GCIA, GCFW, GPEN, GWPT, GCFA, GSEC, RHCE, and SCSA and is working on getting his GSE. Skip currently works for Northrop Grumman as a Sr. Cyber Something or other.

Links: