Tags conferences

BruCON Training: Module 1, An Introduction to …

Published on Aug 31, 2010

An Introduction to VoIP technology, security threats and solutions, module 1. This module allows us to set the stage for the rest of the training. We will introduce the players - Asterisk, Cisco unified communications and other products. We will introduce the protocols briefly - SIP, SCCP (Skinny), IAX2, H.323 and MGCP. We will also look at how VLANs and other solutions are used to provide security (and where they fail).…

BruCON Training: A crashcourse in pentesting VOIP networks (update)

Published on Aug 30, 2010

We just updated the outline of the 2 day crashcourse on the main BruCON training website! In the coming days I’ll be highlighting the modules to explain what each consists of. Training registration is from this page, and for any questions get in contact with Sn0rky or myself. This is what it looks like:

Module 1: Introduction to VoIP technology, security threats and solutions
- Introduce the protocols
- Mitigation technologies
- How confidentiality / integrity / availability applies to VoIP
  - fraud
  - spying on phone calls
  - modification of phone data
  - denial of service

Module 2: Attacking signaling protocols…

A crashcourse in pentesting VOIP networks at BruCON 2010

Published on Jun 8, 2010

Joffrey CZARNY and myself (Sandro) will be hosting a crashcourse at BruCON 2010. This will be a two day workshop on the 22 & 23 September 2010. In a nutshell, we will be helping the attendees quickly get up to speed with VoIP networks and performing security assessments in that idea. More information about the training can be found at the official page. If you would like to register for the training go straight to the BruCON training registration page.…

Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge

Lots going on right now. The following is a summary:

- Recurity Labs just published the jail-break for Cisco CallManager (CUCM) v7/8 which I had something to do with ;-)
- Will be presenting at Athcon on VoIP insecurities and cybercrime - drop me an email if you’ll be there
- TFTPTheft has been updated to support template filenames

Will be posting more on TFTPTheft with use cases and examples. If you do have questions, drop me an email.…

VoIP security workshop at BruCON 2009

Published on Sep 17, 2009

I’m back in my little island after SEC-T (which had excellent content btw!) but already need to leave again. This time to Brussels for BruCON, and together with Joffrey Czarny, I’ll be hosting a workshop solely dedicated to VoIP security auditing. Joffrey will be focusing on Cisco and other vendors and I’m really looking forward to that! I, on the other hand, will be talking more about freely available software such as Asterisk, Trixbox and X-lite.…

HARrrr - Hacking at random

Published on Aug 13, 2009

It’s that time of the year, HAR is with us and lots of hackers and other deviants gather to camp (or simply drink with campers) and attend a couple of events. I put up my list of interesting (for me) presentations / events to visit today at the EnableSecurity blog. From the VoIP side, there doesn’t seem to be any talks of interest but there’s eventphone.de which offers a SIP and IAX2 interface, and some people (French ;-)) who did get involved into VoIP and Security somehow or another.…

Scanning the Intertubes for VoIP at CONFidence

Published on May 10, 2009

As I’m writing, plans are being made for my trip to Krakow, Poland for AppSecEU09 (OWASP) and CONFidence. Will be presenting at CONFidence on VoIP security and how it translates to the Internet. It will consist of a sample of the threats that exist out there and are or may be exploited by would-be criminals. What this means is that I’ll be describing a healthy dose of SIP and IAX2 abuse together with various live and recorded demos.…

Troopers09 & IAX2 support

Published on Apr 15, 2009

I will be co-presenting in Munich together with Wendel on Web Application Firewall insecurities and dropping some new tools. If any readers are going to be around the area for Troopers09 next week, drop me a note. Beer is mostly welcome. My Twitter account will probably be getting a few updates ;-) As a sidenote.. VOIPPACK now gets IAX2 support, with 3 additional tools. Most notable is IAX2autohack which is very similar to sipautohack but for the Asterisk protocol.…

Off to RSA Europe 2008

Published on Oct 26, 2008

I’ll be in the UK for the next few days to visit RSA Europe. Will probably be twittering on twitter.com/sandrogauci and updating the sister blog at EnableSecurity where I’ll post the list of talks that I’m interested in visiting as soon as I get a chance. And of course - if any readers are around drop me a message ;-)…

Defcon 15 videos - VoIP related talks

Published on May 2, 2008

Just in case anyone missed Defcon 15 (like I did), here’s two talks of interest with relation to VoIP:

- T210: INTERSTATE: A Stateful Protocol Fuzzer for SIP by Ian G. Harris
- T442: Real-time Steganography with RTP by |)ruid

For the rest of the videos check out this list. Thanks to Anthony of Iron::Guard for the pointer.…
