Jul 21, 2015

Defcon 23 Workshop: The Art of VoIP Hacking

VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.
In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.
Details and registration
Who should attend
Penetration testers, VoIP engineers, security engineers, internal auditors and all hackers who have a wireless card and a VM player.
Workshop Requirements
Participants should have an up to date Kali Linux virtual machine with Metasploit Framework. (The disk image will be provided by the tutors)
Christos Archimandritis has nearly 5 years’ of experience in information security consulting, having performed various security assessments for clients in the banking, telecom and government sector. Prior to joining Sense of Security, he was a senior security consultant with a major consulting company in Europe. While working there, he performed network and web application penetration tests, mobile application penetration tests and wireless assessments for various clients in Europe and the Middle East. Before that, he worked in the European branch of a major company in the automotive sector, developing solutions for the company’s SAP and Business Objects environments as well as administering the company’s data warehouse.
Fatih Ozavci is a Security Researcher, Principal Security Consultant with Sense of Security, and the author of the Viproy VoIP Penetration Testing Kit. Fatih has discovered several previously unknown security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments for his customers. He has completed several unique penetration testing services during his career of more than 15 years. His current research is based on securing IMS/UC services, IPTV systems, attacking mobile VoIP clients, VoIP service level vulnerabilities, SaaS, mobility security testing, hardware hacking and MDM analysis. Fatih has presented his VoIP and mobile research at BlackHat USA’14, DefCon 22 and 21, Troopers’15, Cluecon 2013 and Ruxcon 2013. He has also provided VoIP and Mobility Security Testing workshop at AustCert’14, Kiwicon'15 and Troopers'15 events.