Skip to content →


I am an offensive security engineer and wireless specialist working for SpecterOps. I formerly worked for Gotham Digital Science, where I was heavily involved in their security research program GDS Labs. I am the creator and active developer of the following projects:

  • EAPHammer: a weaponized version of hostapd for performing targeted rogue access point attacks against WPA/2-EAP networks, first presented at DEF CON 25 and BlackHat Arsenal 2017.
  • SilentBridge: a toolkit for bypassing 802.1x port security first released at DEF CON 26. SilentBridges includes the first working bypass for 802.1x-2010, as well as improvements to existing techniques for bypassing 802.1x-2004 (research paper can be found here).

I’ve presented about RF security at DEF CON, Hackfest, DerbyCon, SecTor, as well as multiple Security BSides conferences. I also developed and taught the “Advanced Wireless Attacks” DEF CON workshops, and have served as a support instructor for SpecterOps’ “Adversary Tactics: Red Team Operations” training course at BlackHat.

My most recent work involved novel proof-of-concept attacks against WPA3’s Enhanced Open, which I presented last summer with fellow wireless researcher Steve Darracott. I’m currently delving deeply into Kerberos abuses on both Windows and Linux platforms.

My active projects can be found on GitHub using the link below. Previous research presentations can be found here.




Email: gabriel [<<< at >>>] solstice [<<dot>] sh