SIP and Skinny servers provide signalling services and they are the centre of Unified Communication networks and VoIP services. Signalling protocols are susceptible to IP spoofing, proxy trust issues, call spoofing, authentication bypass and bogus signalling flows. It can be hacked with legacy techniques, but a few new attack types will be demonstrated in this training. This training includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy to analyse SIP services using novel techniques.
Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the trainer). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a Metasploit Framework environment and full integration. The training contains live demonstration of practical VoIP attacks and usage of new Viproy modules.
Registration : Troopers 15
Training Agenda
- Network Infrastructure
- VoIP Server Security
- Signalling Security
- Signalling Essentials
- Testing of SIP and Skinny Services
- Media Transport Security
- Media Transport Essentials
- Testing of RTP, SRTP and Proxy Services
- Cloud VoIP Solutions Security
- VoIP Client Security
- Capture the Flag
