{"id":3209,"date":"2017-07-06T19:06:47","date_gmt":"2017-07-06T17:06:47","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=3209"},"modified":"2017-07-06T19:06:47","modified_gmt":"2017-07-06T17:06:47","slug":"hip2017-bypass-802-1x-fenrir","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/hip2017-bypass-802-1x-fenrir\/","title":{"rendered":"[HIP2017] Bypass 802.1x \u2013 FENRIR"},"content":{"rendered":"<p>One of the topics presented during the <a href=\"https:\/\/www.intrinsec.com\/en\/2017\/07\/06\/hack-in-paris-2017\/\">Hack In Paris 2017<\/a> The conference focused on the 802.1x standard and a tool facilitating workaround techniques. It was a particularly interesting conference, and we offer a more detailed summary here.<\/p>\n<p>The goal of this project originally arose from the desire to prove to customers that bypasses of 802.1x protection are not only &quot;proofs of concept&quot; (POC), but also to gain discretion during Red Team missions.<\/p>\n<p>This tool was presented by Val\u00e9rian LEGRAND \u2013 Orange CyberDefense.<\/p>\n<h1>Operation and protocol<\/h1>\n<p>The 802.1x standard is a relatively recent network authentication technology, created in 2001 by the IEEE, which is based on &quot;port-based Network Access Control&quot; or NAC. Its main function is to control physical access to the corporate network in order to prevent intruders from gaining access.<\/p>\n<p>This standard distinguishes 3 types of equipment:<\/p>\n<ul>\n<li><strong>Supplicant<\/strong>The equipment requesting to connect to the network<\/li>\n<li><strong>Authenticator<\/strong>The switch or the Wi-Fi access point<\/li>\n<li><strong>Authentication Server<\/strong> : The server for verifying connection credentials (such as RADIUS, TACACS, CAS, etc.)<\/li>\n<\/ul>\n<p>Authentication is performed via &quot;EAPoL EAP Over Lan&quot;, encapsulating the EAP network protocol (&quot;Extensible Authentication Protocol&quot;).<\/p>\n<div id=\"attachment_3210\" style=\"width: 835px\" class=\"wp-caption alignnone\"><img fetchpriority=\"high\" decoding=\"async\" aria-describedby=\"caption-attachment-3210\" class=\"wp-image-3210 size-full\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/07\/EAPOL.png\" alt=\"\" width=\"825\" height=\"238\" \/><p id=\"caption-attachment-3210\" class=\"wp-caption-text\">Explanatory diagram 802.1x \u2013 EAPOL \u2013 source: wikimedia.com<\/p><\/div>\n<p>The basic functioning of<strong>\u2019&#039;EAPOL<\/strong> is as follows:<\/p>\n<ol>\n<li>The Authenticator asks the Supplicant to state their identity.<\/li>\n<li>The Supplicant responds to the Authenticator and transmits its identity to the authentication server so that it can verify whether the Supplicant is authorized to join the network.<\/li>\n<li>If the Supplicant is not authenticated, the authentication server transmits a challenge to the Supplicant via the Authenticator.<\/li>\n<li>The Supplicant resolves the challenge and sends it back to the Authentication Server via the Authenticator.<\/li>\n<li>The authentication server authorizes or denies the supplicant permission to connect.<\/li>\n<\/ol>\n<div id=\"attachment_3215\" style=\"width: 615px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-3215\" class=\"wp-image-3215 size-full\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/07\/802.1x.png\" alt=\"\" width=\"605\" height=\"468\" \/><p id=\"caption-attachment-3215\" class=\"wp-caption-text\">802.1x protocol communication \u2013 source: wikimedia.com<\/p><\/div>\n<p>Once the supplicant is authenticated, network access control is directly managed by the network switch using the NAC protocol. This is the crucial role of the authenticator.<\/p>\n<p>The Authenticator has two states per physical port:<\/p>\n<ul>\n<li><strong><span style=\"color: #ff0000;\">Uncontrolled state\u00a0<\/span>: <\/strong>Only allows 802.1x packets and forwards them to the authentication server.<\/li>\n<li><span style=\"color: #008000;\"><strong>Controlled state: <\/strong><\/span>The port acts like a standard port and is completely transparent to the equipment.<\/li>\n<\/ul>\n<div id=\"attachment_3216\" style=\"width: 1011px\" class=\"wp-caption alignnone\"><img decoding=\"async\" aria-describedby=\"caption-attachment-3216\" class=\"wp-image-3216 size-full\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/07\/states.png\" alt=\"\" width=\"1001\" height=\"565\" \/><p id=\"caption-attachment-3216\" class=\"wp-caption-text\">The two states of an Authenticator \u2013 source: Presentation<\/p><\/div>\n<h2>Bypassing the protection<\/h2>\n<p>Note: Older equipment does not support 802.1x, so plugging in instead of a printer or phone is often a quick and effective bypass.<\/p>\n<ol>\n<li><strong>The classic and easy way. <\/strong><\/li>\n<\/ol>\n<p>When no check is performed for the presence of two MAC addresses on the same port, it is generally easy to bypass authentication using a simple &quot;hub&quot;.<\/p>\n<p>Indeed, since the opening of the network port is controlled by the switch, if a legitimate device and an attacker are on the same hub, they are therefore on the same network port of the switch.<\/p>\n<ol start=\"2\">\n<li><strong>The FENRIR tool <\/strong><\/li>\n<\/ol>\n<p>A second technique relies on the FENRIR tool, which is based on intercepting and injecting network packets.<\/p>\n<p><strong>Prerequisites:<\/strong><\/p>\n<ul>\n<li>2 physical network interfaces<\/li>\n<li>Python<\/li>\n<li>Scapy<\/li>\n<\/ul>\n<p><strong>Operating principle<\/strong><\/p>\n<p>From a macro perspective, the tool captures packets from both the legitimate equipment and the attacker&#039;s machine in order to correctly redirect them to their respective recipients. It also rewrites various headers to mask its identity.<\/p>\n<p>In the diagram below, packets B &amp; D originate from and are destined for the legitimate equipment, while packets A &amp; C originate from and are destined for the attacker.<\/p>\n<div id=\"attachment_3218\" style=\"width: 1099px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3218\" class=\"wp-image-3218 size-full\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/07\/schema-de-focntionnement-de-FENRIR.png\" alt=\"\" width=\"1089\" height=\"215\" \/><p id=\"caption-attachment-3218\" class=\"wp-caption-text\">FENRIR operating diagram \u2013 source: Presentation<\/p><\/div>\n<p>The attacker connects the legitimate device to their workstation and then gains access to the network. The FENRIR tool then allows the legitimate device to authenticate and unlock the network connection.<\/p>\n<p>Then, in order to self-configure, it studies the communications between the legitimate equipment and the network in order to retrieve, among other things:<\/p>\n<ul>\n<li>The IP address of the legitimate equipment<\/li>\n<li>The MAC address of the legitimate equipment<\/li>\n<li>The addresses and ports of the different servers contacted<\/li>\n<\/ul>\n<p>Finally, he usurps the identity of the legitimate equipment, the attacker now being in a total man-in-the-middle position.<\/p>\n<p>During this phase, it creates a referencing table for the transmitted packets, in order to remember, upon return of the packets, that they are destined for the legitimate equipment.<\/p>\n<p>The headers of packets originating from the attacker&#039;s station are modified to spoof the identity of the legitimate equipment. These modifications are then recorded in the address book so that the return packets can be redirected to their respective recipients.<\/p>\n<p>Because the tool operates completely transparently, the attacker can continue their attack using their own tools.<\/p>\n<p>It is therefore possible to capture return connections, useful for the <em>reverse shell<\/em>, Responder, etc.<\/p>\n<p>A rule creation system allows for the on-the-fly interception of packets destined for specific ports.<img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-3220 aligncenter\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/07\/Regles.png\" alt=\"\" width=\"192\" height=\"226\" \/><\/p>\n<h1>Explanation of the demonstration videos<\/h1>\n<p>This section aims to explain the different FENRIR commands entered during Val\u00e9rian LEGRAND&#039;s demonstrations, and the underlying technical details.<\/p>\n<h2>Demonstration Video 1: Brief Overview<\/h2>\n\n<ol>\n<li><strong>Create_virtual_tap\u00a0<\/strong>FENRIR creates a TAP. As a reminder, a TAP allows you to define a virtual network communication interface, which is particularly useful here. This TAP contains the attacker&#039;s connection information.<\/li>\n<\/ol>\n<p style=\"padding-left: 30px;\">All packets are transmitted to this TAP and FENRIR can therefore interface with it in order to correctly redirect packets between the two network interfaces (legitimate machine or internal network).<\/p>\n<ol start=\"2\">\n<li><strong>Autoconf:<\/strong> FENRIR learning phase, detecting the IP &amp; MAC address of the legitimate equipment.<\/li>\n<li><strong>Show all\u00a0<\/strong>: Displays all interception rules.<\/li>\n<li><strong>Run<\/strong>\u00a0: Execute FENRIR<\/li>\n<\/ol>\n<p>The return of the &quot;nc&quot; command occurs at 1:50 and responds with &quot;Hello back&quot;.<\/p>\n<h2>Demonstration Video 2: Using nmap<\/h2>\n\n<p>In the demonstration video, the mode <em>debug<\/em> FENRIR illustrates that the FENRIR tool modifies all the packages of the &quot;nmap&quot; tool in order to perform the scan through 802.1x.<\/p>\n<h2>Demonstration Video 3: Using Responder<\/h2>\n\n<ol>\n<li><strong>create_virtual_tap<\/strong><\/li>\n<li><strong>add_reverse_rule 137 multi IP<\/strong>\u00a0: In order to capture NBNS packets<\/li>\n<li><strong>add_reverse_rule 5355 multi IP\u00a0<\/strong>: In order to capture LLMNR packets<\/li>\n<li><strong>add_reverse_rule 445 unique IP<\/strong> In order to capture the connection in Responder<\/li>\n<\/ol>\n<p style=\"padding-left: 30px;\">Val\u00e9rian points out that the rules management system is not optimal and is likely to change significantly. Currently, the following keywords are available:<\/p>\n<ul>\n<li>\u00ab&quot;Multi&quot; mode means the tool listens on a port, which is particularly useful for Man In The Middle tools.<\/li>\n<li>\u00abThe &quot;Unique&quot; tool captures only one packet before deleting the rule. This is useful when receiving incoming connections to avoid polluting the connection. <em>reverse shell<\/em> and gain stability.<\/li>\n<\/ul>\n<ol start=\"5\">\n<li><strong>Run<\/strong><\/li>\n<\/ol>\n<p>In a second terminal:<\/p>\n<ol start=\"6\">\n<li><strong>Respond \u2013I FENRIR<\/strong>\u00a0: Executes Responder specifying FENRIR&#039;s TAP network interface.<\/li>\n<\/ol>","protected":false},"excerpt":{"rendered":"<p>One of the topics presented at Hack In Paris 2017 concerned the standard [\u2026]<\/p>","protected":false},"author":1,"featured_media":3268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-3209","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-veille-securite"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>[HIP2017] Bypass 802.1x - FENRIR - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/hip2017-bypass-802-1x-fenrir\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"[HIP2017] Bypass 802.1x - FENRIR\" \/>\n<meta property=\"og:description\" content=\"L&rsquo;un des sujets pr\u00e9sent\u00e9s lors de la Hack In Paris 2017 portait sur le standard [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/hip2017-bypass-802-1x-fenrir\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-06T17:06:47+00:00\" \/>\n<meta name=\"author\" content=\"Intrinsec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Intrinsec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/\"},\"author\":{\"name\":\"Intrinsec\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"headline\":\"[HIP2017] Bypass 802.1x &#8211; FENRIR\",\"datePublished\":\"2017-07-06T17:06:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/\"},\"wordCount\":1353,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"Veille S\u00e9curit\u00e9\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/\",\"name\":\"[HIP2017] Bypass 802.1x - FENRIR - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2017-07-06T17:06:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/hip2017-bypass-802-1x-fenrir\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[HIP2017] Bypass 802.1x &#8211; FENRIR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\",\"name\":\"Intrinsec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"caption\":\"Intrinsec\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ufhtbqccsz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"[HIP2017] Bypass 802.1x - FENRIR - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/hip2017-bypass-802-1x-fenrir\/","og_locale":"en_US","og_type":"article","og_title":"[HIP2017] Bypass 802.1x - FENRIR","og_description":"L&rsquo;un des sujets pr\u00e9sent\u00e9s lors de la Hack In Paris 2017 portait sur le standard [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/hip2017-bypass-802-1x-fenrir\/","og_site_name":"INTRINSEC","article_published_time":"2017-07-06T17:06:47+00:00","author":"Intrinsec","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Intrinsec","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/"},"author":{"name":"Intrinsec","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"headline":"[HIP2017] Bypass 802.1x &#8211; FENRIR","datePublished":"2017-07-06T17:06:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/"},"wordCount":1353,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#primaryimage"},"thumbnailUrl":"","articleSection":["Veille S\u00e9curit\u00e9"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/","url":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/","name":"[HIP2017] Bypass 802.1x - FENRIR - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#primaryimage"},"thumbnailUrl":"","datePublished":"2017-07-06T17:06:47+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/hip2017-bypass-802-1x-fenrir\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"[HIP2017] Bypass 802.1x &#8211; FENRIR"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799","name":"Intrinsic","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","caption":"Intrinsec"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/ufhtbqccsz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=3209"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3209\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=3209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=3209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=3209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}