Aug 13, 2015

The Art of VoIP Hacking - DEF CON 23 Workshop Materials

The Art of VoIP Hacking workshop has beed provided during the DEF CON 23 USA last week. We have discussed about the VoIP vulnerabilities, design issues and current treats targeting the VoIP environments. In addition, we have also demonstrated the major attack vectors for the VoIP services including the advanced SIP attacks, exploitation of the VoIP server vulnerabilities, Cisco Skinny attacks, attacking Cisco hosted VoIP services (CUCM/CUCDM), decryption of the SRTP traffic and exploitation of the VoIP client vulnerabilities. Over than 35 attendees have used the Viproy VoIP Penetration Testing Kit to attack to the test environment which has samples for each attack exercises. The following materials are provided for the DEF CON 23 workshop, but also for the VoIP community to improve unified communications security. 

The Art of VoIP Hacking - Presentation 

The Viproy VoIP Penetration Testing Kit (Customised Metasploit Framework repository)

Youtube videos of the attack demonstrations:

VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)

Boghe VoIP client - SIP Invite based PoC exploit (0 Day)

Vi-Vo VoIP client - SIP Message based PoC exploit (0 Day)

Shellshock exploit demonstration for Cisco CUCM 10.5.1

SDES based SRTP traffic decryption demo