Black Hills InfoSec

TLS Certificates from EAP Network Traffic

BHIS · 2016-03-09 · Read original ↗

ATT&CK techniques detected

3 predictions

T1040Network Sniffing

81%

“of 802. 1x, and microsoft windows, the 802. 1x supplicant is implemented with a dual - level authentication. a machine credential can be presented upon machine boot, and a user credential presented when the user logs into the machine after the boot phase. in order to capture the …”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1557.001Name Resolution Poisoning and SMB Relay

68%

“used to send username, and password credentials to the radius server. eap - tls is very similar to eap - peap only that mutual tls certificate authentication is performed. the client supplicant presents a client certificate which is validated by the server, and then the radius se…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1573.002Asymmetric Cryptography

47%

“tls certificates from eap network traffic tls certificates from eap network traffic joff thyer / / a network can authenticate a client workstation using the 802. 1x and extensible authentication protocol ( eap ) using multiple different methods. eap is used both in a wired networ…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

Joff Thyer // A network can authenticate a client workstation using the 802.1X and Extensible Authentication Protocol (EAP) using multiple different methods. EAP is used both in a wired network […]

The post TLS Certificates from EAP Network Traffic appeared first on Black Hills Information Security, Inc..