bypassing 802 1x
play

Bypassing 802.1X In an IPv6 environment Introduction and motivation - PowerPoint PPT Presentation

Jun 27, 2023 •171 likes •357 views

Robert Diepeveen & Ruben de Vries Bypassing 802.1X In an IPv6 environment Introduction and motivation What is 802.1X? IEEE standard Port-based network access protocol Authentication mechanism for devices wishing to attach to

  1. Robert Diepeveen & Ruben de Vries Bypassing 802.1X In an IPv6 environment

  2. Introduction and motivation ● What is 802.1X? ● IEEE standard ● Port-based network access protocol ● Authentication mechanism for devices wishing to attach to a network ● Why in an IPv6 environment? Research Project #2 2

  3. Research question Is it possible to bypass 802.1X in an IPv6 environment? Yes it is! Research Project #2 3

  4. Research outline ● What is 802.1X? ● How is this attack performed in an IPv4 environment? ● Key components ● What are the theoretical differences between IPv4 and IPv6? ● How do these key components translate? Research Project #2 4

  5. 802.1X in detail source: Wikipedia Research Project #2 5

  6. Test environment Research Project #2 6

  7. Bypassing 802.1X in IPv4 ● Place device on the physical link between victim workstation and authenticator ● Make sure the victim host remains connected to the network while setting up the device ● Be invisible ● Gain access to the network via the attacker box Research Project #2 7

  8. Bypassing 802.1X in IPv4 Attacker box Research Project #2 8

  9. Attacker box properties ● Bridging network traffic ● At least two ethernet interfaces ● Forward EAPOL packets ● Invisible for the switch ● E.g. do not respond to ARP requests ● Mimic the victim workstation ● SNAT with iptables —> IP ● SNAT with ebtables —> MAC Research Project #2 9

  10. Differences between IPv4 and IPv6 ● MAC to IP address mapping IPv4: ARP ● IPv6: NDP ● ● Neighbor Advertisements/Sollicitations ● Generally no NAT needed in IPv6 However, people insisted (NAT66) ● Research Project #2 10

  11. Bypassing 802.1X in IPv6 ● Similar to IPv4 bypass ● Bridge needs to learn neighbours by sniffing NDP messages ● Same for ARP ● Victim host to bypass device communication Research Project #2 11

  12. Bypassing 802.1X in IPv6 Research Project #2 12

  13. Dot1X security violation Research Project #2 13

  14. Bypassing 802.1X in IPv6 Research Project #2 14

  15. Discussion ● Not every packet/frame is encrypted or authenticated ● Layer 2 vs layer 3 security ● Mitigation techniques ● MACsec, IPsec, SEND, HIDS ● Kernel bug ● Linux Kali used on Raspberry (4.1.7) ● NAT66 bug in Linux kernel versions < 4.3 Research Project #2 15

  16. Conclusion ● Is it possible to bypass 802.1X in an IPv6 environment? ● Yes it is! ● Attacks in both environments are not that different Research Project #2 16

  17. Future work ● Mitigation techniques ● Investigate feasibility of the attack in a MACsec/IPsec/.. enabled environment ● Remote access ● Add a third (4G) interface to access the attacker box remotely ● Device portability ● Patch kernel ● Different Linux distribution ● Open-source wired 802.1X switches Research Project #2 17

Recommend

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript Bypassing browser

1.1k views • 48 slides
Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY

Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY

Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY CONSULTANT 17 th November 2017 BYPASSING A WAF WHY? Number of deployed Web Application Firewalls (WAFs) is increasing WAFs make a penetration

533 views • 34 slides
Bypassing the hubs - The potential of secondary European airports in the long haul sector Sven

Bypassing the hubs - The potential of secondary European airports in the long haul sector Sven

Bypassing the hubs - The potential of secondary European airports in the long haul sector Sven Maertens / DLR 7th Conference on Applied Infrastructure Research, OCT 10-11, 2008 Sven Maertens DLR Bypassing the hubs Page 1 Structure

559 views • 22 slides
Bypassing Microsoft JEA role capabilities for fun &amp; profit whoami Cristhian Parrot -

Bypassing Microsoft JEA role capabilities for fun &amp; profit whoami Cristhian Parrot -

Bypassing Microsoft JEA role capabilities for fun &amp; profit whoami Cristhian Parrot - @elc0rr3Km1n0s Sr. Penetration Tester &amp; Lead Auditor @Airbus Father, Bug Hunter, Tech-entrepreneur Plan Intro Install Prerequisites

376 views • 22 slides
Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller Alex Matrosov Alexandre Gazet Actually 5 months of passionate reverse-engineering nights Disclaimer All the details given about BIOS Guard

968 views • 77 slides
Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP STP STP PSTN SSP SSP SS7 Signaling System #7, a set of telephony protocols

937 views • 60 slides
Bypassing the Language Bottleneck Alexei (Alyosha) Efros UC Berkeley Collaborators David

Bypassing the Language Bottleneck Alexei (Alyosha) Efros UC Berkeley Collaborators David

Visual Understanding without Naming: Bypassing the Language Bottleneck Alexei (Alyosha) Efros UC Berkeley Collaborators David Abhinav Scott Martial Natasha Yaser Satkin Fouhey Gupta Hebert Kholgade Sheikh Vincent Ivan Josef

1.26k views • 83 slides
Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand

Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand

So you think IoT DDoS botnets are dangerous Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand https://www.ecrimelabs.com @DennisRand About me Im a security researcher and founder of eCrimeLabs, based out of Denmark.

674 views • 48 slides
Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology

Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology

Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology Lab/Security # /usr/bin/whoami Itzhak (Zuk) Avraham Researcher at Samsung Electronics Partner at PIA Follow me on twitter under

473 views • 31 slides
Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of Amsterdam) Supervisors: Alex Stavroulakis, Rick van Galen (KPMG) Phishing emails Special type of spam message Fraudulent social

1.11k views • 29 slides
TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on

TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on

TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on how to audit a DNS server when you dont really know anything about DNS Date 17/11/2017 At GreHack By Clment Berthaux Whoami Clment

721 views • 26 slides
Bypassing Combinatorial Protections Polynomial-Time Algorithms for Single-Peaked Electorates

Bypassing Combinatorial Protections Polynomial-Time Algorithms for Single-Peaked Electorates

Bypassing Combinatorial Protections Polynomial-Time Algorithms for Single-Peaked Electorates Markus Brill COMSOC 2010 Dsseldorf Joint work with Felix Brandt, Edith Hemaspaandra, and Lane Hemaspaandra Voting Rules C = {a,b,c,...} is a

660 views • 11 slides
:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2

:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2

:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2 Nick Sullivan 3 George Tankersley 4 Filippo Valsorda 4 1 Royal Holloway, University of London 2 University of Waterloo 3 Cloudflare 4 Independent PETS

591 views • 55 slides
Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me David Johansson (@securitybits) Security consultant since 2007 Helping clients design and build secure software Security training Based in

821 views • 25 slides
Cost-Effective Compiler Directed Memory Prefetching and Bypassing Daniel Ortega, , Eduard

Cost-Effective Compiler Directed Memory Prefetching and Bypassing Daniel Ortega, , Eduard

Cost-Effective Compiler Directed Memory Prefetching and Bypassing Daniel Ortega, , Eduard Ayguad e , Jean-Loup Baer and Mateo Valero Departamento de Arquitectura de Computadores, Department of

676 views • 39 slides
BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami

BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami

BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami Ad Adam Nu Nurudin ini CEH, ITIL L V3, 3, CCNA, CCNP, CASP, PCI-DS DSS, B , BSC-IT IT Lead Security Researcher @ Netwatch Technologies

178 views • 16 slides
ROP A&amp;ack BYPASSING MEMORY PROTECTIONS USING RETURN ORIENTED PROGRAMMING

ROP A&amp;ack BYPASSING MEMORY PROTECTIONS USING RETURN ORIENTED PROGRAMMING

ROP A&amp;ack BYPASSING MEMORY PROTECTIONS USING RETURN ORIENTED PROGRAMMING PRESENTED BY AHMAD MOGHIMI What is ROP A&amp;ack? q Return Oriented Programming a0ack is a technic to

656 views • 46 slides
AVPASS: Automatically Bypassing Android Malware Detection System Jinho Jung, Chanil Jeon, Max

AVPASS: Automatically Bypassing Android Malware Detection System Jinho Jung, Chanil Jeon, Max

AVPASS: Automatically Bypassing Android Malware Detection System Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, and Taesoo Kim Georgia Institute of Technology, July 27, 2017 Ab About t Us SSLab (@GT) Focusing on s ystem and security

1.25k views • 72 slides
Bypassing Different Defense Schemes via Crash-Resistant Probing of Address Space Robert Gawlik

Bypassing Different Defense Schemes via Crash-Resistant Probing of Address Space Robert Gawlik

Bypassing Different Defense Schemes via Crash-Resistant Probing of Address Space Robert Gawlik Ruhr University Bochum Horst Grtz Institute for IT-Security Bochum, Germany About me Playing with InfoSec since 2010 Currently in academia

1.13k views • 84 slides
SORRY ABOUT YOUR WAF Bypassing the Modern WAF Johnny Xmas Johnny.Xmas@Kasada.io @J0hnnyXm4s

SORRY ABOUT YOUR WAF Bypassing the Modern WAF Johnny Xmas Johnny.Xmas@Kasada.io @J0hnnyXm4s

SORRY ABOUT YOUR WAF Bypassing the Modern WAF Johnny Xmas Johnny.Xmas@Kasada.io @J0hnnyXm4s JOHNNY XMAS Johnny.Xmas@Kasada.io Blade Runner &amp; Director of Field Engineering, North America &amp; Europe @ kasada.io CISSP, GIAC, GPEN

418 views • 22 slides
New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head and Neck Area Coordinator Department of Oncology, Division of Experimental Medicine, San Raffaele Scientific Institute Heterogeneous acquired

288 views • 26 slides
Adversarial Examples are Not Easily Detected: Bypassing Ten Detection Methods Nicholas Carlini,

Adversarial Examples are Not Easily Detected: Bypassing Ten Detection Methods Nicholas Carlini,

Adversarial Examples are Not Easily Detected: Bypassing Ten Detection Methods Nicholas Carlini, David Wagner University of California, Berkeley Background Neural Networks I assume knowledge of neural networks ... This talk: neural

5.49k views • 57 slides
The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect

The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect

The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect Wireless Pivots GreHacks Gabriel Ryan (solstice) net user author /domain Gabriel Ryan Researcher @ Gotham Digital Science Worlds best Red

1.89k views • 125 slides
Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick Offerman Research Project 2 #72 Introduction - Advanced Threat Analytics (ATA) Microsoft Active Directory (AD) On-premise Post-Infiltration

439 views • 25 slides

More recommend