The talk will present a new tool for pentesters called "Lauschgerät". This python script acts as a convenient man-in-the-middle tool to sniff traffic, terminate TLS encryption, host malicious services and bypass 802.1X - provided you have physical access to the victim machine, or at least its network cable.
There are three ways to run it: Either on its own dedicated device like a Raspberry Pi or Banana Pi, in a virtual machine with two physical USB-NICs attached, or on your regular pentest system in its own network namespace. It will look like a completely transparent piece of wire to both victim systems you are getting in the middle of, even if they are using 802.1X because it is implementing the ideas presented in a talk by Alva Lease 'Skip' Duckwall IV.
The Lauschgerät operates with three interfaces: Two interfaces going to the victim client and the victim switch respectively, and one management interface which you can connect to and initiate the redirection of traffic, inject your own traffic, start and stop malicious services, and so forth. It comes with a few services included, such as a service that terminates TLS encryption (which will of course cause a certificate warning on the victim's end) or a service that performs the classic "SSL strip" attack. And more to come!
An optional wireless interface can either be used as another management interface or for intercepting traffic of wireless devices. The management can be done via SSH or via a web application, making sure you can hit the ground running.
Details on its challenges regarding the implementation will be covered in the talk, focusing on the 802.1x bypass and the transparent TLS proxy, including a demo that shows how a man in the middle can modify traffic by flipping images in web pages.
Formerly an astrophysicist focusing on cosmology, Adrian Vollmer has been working as an IT security consultant for the Germany-based pentest company SySS since 2015. His specialty is hacking Windows networks and performing all kinds of man in the middle attacks.