IEEE 802.1x has been leveraged for a long time for authentication purposes. Up until this point, little has been done to help researchers expose vulnerabilities within the systems that implement the protocol. In this talk, we'll dissect IEEE 802.1x, its surrounding protocols (RADIUS/EAP), provide testing tools, and detail a number of vulnerabilities identified in popular supporting systems. We'll wrap up demonstrating a vulnerability within a RADIUS server that allows for remote code execution over 802.11 wireless using WPA Enterprise before the user is authorized to join the network.
Brad Antoniewicz works in Foundstone's security research division to uncover flaws in popular technologies. He is a contributing author to both the "Hacking Exposed" and "Hacking Exposed: Wireless" series of books and has authored and contributed to various internal/external Foundstone tools, training courses, White Papers, and methodologies.