

This content was originally published on the Digital Silence blog. The original can be found here:

At DEF CON 26 I introduced an attack that can be used to bypass 802.1x-2010 and MACsec when weak EAP methods are used. The attack, known as a Rogue Gateway, forces the supplicant to authenticate with a rogue RADIUS server by mechanically diverting Ethernet traffic to the attacker’s rogue device. The attack can be performed remotely with the assistance of a side channel interface, and can also be implemented completely in software to attack 802.1x-2004. I also introduced several improvements to the classical bridge-based 802.1x bypass, along with an EAP-MD5 Forced Reauthentication attack.

These contributions are described in detail in our white paper on the subject, which can be found at the following URL:

DEF CON 26 – Gabriel Ryan – Whitepaper – Bypassing Port-Security In 2018 – Defeating MacSEC and 802.1x-2010

Additionally, the source code for our proof of concept tool silentbridge can be found at the following repository on GitHub:

A video recording of the original presentation, including live demos, is available here:

The slides from our presentation at DEF CON can be found here:

DEF CON 26 – Gabriel Ryan – Owning the LAN in 2018 – Defeating MACsec and 802.1x-2010 – Updated – final

Published in Network Evasion Red Team

