solstice.sh Pentesting, Offensive Security Research & Development

About

Security R&D and red teamer. Former Digital Silence, GDS Security. Author of:

  • EAPHammer - EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements.
  • SilentBridge - SilentBridge is a toolkit for quickly bypassing 802.1x port security first presented at DEF CON 26. It provides the first documented means of bypassing 802.1x-2010 via its authentication process, as well as improvements to existing techniques for bypassing 802.1x-2004.

I’ve presented at DEF CON, DerbyCon, Hackfest, 44con, SecTor, and several Security BSides conferences on topics ranging from wireless and infrastructure security to access control protocols and red team tradecraft. I have also taught workshops on advanced wireless tactics for clients and at international industry conferences. My other technical interests include systems internals, low-level programming, payload development, and infrastructure automation.

Twitter: @s0lst1c3

Github: s0lst1c3

E-Mail: gabriel [at] this domain

For my complete portfolio of projects, publications, and speaking engagements, check out the links below.

Whitepapers

Digital Silence
Bypassing Port-Security In 2018: Defeating MACSEC and 802.1x-2010
Gotham Digital Science
The Black Art Of Wireless Post-Exploitation - Bypassing Port-Based Access Controls Using Indirect Wireless Pivots
Identifying Rogue Access Point Attacks Using Probe Response Patterns And Signal Strength

Work Blogs

Digital Silence
Whitepaper - Bypassing Port-Security In 2018: Defeating MACSEC and 802.1x-2010
5GHZ Electronic Warfare Part 1: Attacking 802.11N Networks
Powershell Empire - Evading Nessus Plugin 99592
Gotham Digital Science
Whitepaper: The Black Art Of Wireless Post-Exploitation - Bypassing Port-Based Access Controls Using Indirect Wireless Pivots
Whitepaper: Identifying Rogue Access Point Attacks Using Probe Response Patterns and Signal Strength
Slaying Rogue Access Points With Python And Cheap Hardware
Tripwire: State of Security (Guest Contributer)
People, Processes and Technology: The Triad of Your Organization’s Cyber Security
Security Speaks: Breaking Through At BSides

Conference Talks

See solstice.sh/presentations and solstice.sh/workshops.

Open Source

See https://github.com/s0lst1c3.