Pentera Labs showed how attackers can bypass network segmentation using SoftEther VPN to tunnel across restricted segments. By compromising a single host, they set up a VPN bridge and cascade connections to flatten segmentation, gaining full Layer 2 visibility and access to hidden hosts. With this access, they scanned networks, bypassed firewalls, and captured credentials using tools like Responder. Mitigations include disabling promiscuous mode, blocking unauthorized drivers, enforcing NAC, and monitoring SSL traffic to detect rogue VPN servers. Continuous automated validation is advised to detect misconfigurations that enable tunneling attacks.

Join for free to read