Whitepaper - Bypassing Port Security in 2018

Published on
June 3, 2025

At DEF CON 26 we introduced an attack that can be used to bypass 802.1x-2010 and MACsec when weak EAP methods are used. The attack, known as a Rogue Gateway, forces the supplicant to authenticate with a rogue radius server by mechanically diverting ethernet traffic to the attacker’s rogue device. The attack can be performed remotely with the assistance of a side channel interface, and can also be implemented completely in software to attack 802.1x-2004. We also introduced several improvements to the classical bridge-based 802.1x bypass, along with EAP-MD5 Forced Reauthentication attack.

These contributions are described in detail in our white paper on the subject, which can be found at the following URL:

DEF CON 26 – Gabriel Ryan – Whitepaper – Bypassing Port-Security In 2018 – Defeating MacSEC and 802.1x-2010

Additionally, the source code for our proof of concept tool silentbridge can be found at the following repository on Github:

https://github.com/s0lst1c3/silentbridge

A video recording of the original presentation, including live demos, is available here:

https://www.youtube.com/watch?v=lX4ZnQ-pfWQ

The slides from our presentation at DEF CON can be found here:

DEF CON 26 – Gabriel Ryan – Owning the LAN in 2018 – Defeating MACsec and 802.1x-2010 – Updated – final

Learn More
Consent Preferences