lecture: Network Access Uncontrolled
Insecurity in port security
During an internal pentest, red teamers often connect to the local area network to gain access to the internal network. This gets harder when Network Access Control is implemented at the perimeter. The lack of well-implemented port security often results in recommendations to implement more complex NAC solutions such as 802.1X.
Here we will discuss the various NAC techniques that might be implemented and the techniques that could be used to bypass such an implementation. We shall put an 802.1X implementation to the test by attempting to bypass it and to run various utilities required during a pentest, and find out what the maximum possible port security feature is that can be implemented today.
Introduction (2 mins)
In this section, we shall cover the following:
1. What is Network Access Control
2. Types of network access control and their timelines
Accessing the network (3 mins)
1. Dynamically Assigned IP Address
2. Statically Assigned IP Address
3. MAC Authentication and IP Sticky
4. Antivirus status based NAC
5. 802.1X (credential based and certificate-based)
Understanding 802.1X (10 mins)
1. Architecture behind 802.1X
2. Extensible Authentication Protocol 101
3. 802.1X Authentication Sequence and Design
Attacking the NAC (15 mins) (With Demos)
1. Identifying the IP Address Schema and self-assigning an IP
2. MAC Authentication Bypass (MAB)
3. 802.1X Bypass
- Here we demonstrate our utility running on a Raspberry Pi, which can act as a hardware implant to bypass any kind of network access control.
Demystifying attacks on 802.1X NAC protected network (with Demo) (10 mins)
- In this section, we cover the techniques commonly used during a network pentest and demonstrate how we would need to run the following applications from our implanted box on the network.
1. Nmap
2. Responder
3. Tomcat exploit
4. RDP
5. SMB (CrackMapExec, EternalBlue)
At the end of this, we shall also release a script with integration similar to NACkered and Duckwall's NAC bypass technique, along with easier configuration of an attack.
Conclusions (1 min)
Questions (4 mins)
Info
Day: 2019-09-14
Start time: 12:00
Duration: 00:45
Room: Tesla
Speakers
Tanoy "NoTTY" Bose