Tags › voip security
BruCON Training: Module 4, Attacking Unified Communications
Published on Sep 7, 2010 in conferences, voip security, trainings
The final module in the upcoming pentesting VoIP crashcourse is the most exciting one. In this section we look at VoIP systems as a whole. Unified communications is one of those words that have been hyped up to include everything, from chat to video phone calls and SMS. What we will look at in this section is how to go about breaking into the following during a penetration test: Web application security flaws in Asterisk-based PBX servers Attacking various services open in PBX servers, such as TFTP How once you’re on a PBX network, you can sometimes simply use your phone to spy on other phone calls How to make use of hardware taps Hardware phone features that can be abused Abuse of various exposed features in Cisco call manager accessible on the HTTP server This module will help familiarize the attendees with the target servers and system.…
Read more »BruCON Training: Module 3, Attacking the media
Published on Sep 2, 2010 in trainings, conferences, voip security
This is part of the BruCON VoIP security crash course training intro. For more information about the course and to secure a place, check out the BruCON website. We trust our phones with our sensitive data more than most other forms of communications. We may not trust sending our credit card number by email to the hotel. In the end we give it to them on the phone anyway, and it may not matter if the phone is a mobile phone or a VoIP phone.…
Read more »BruCON Training: Module 2, Attacking signaling protocols
Published on Sep 1, 2010 in conferences, voip security, trainings
This is part of the BruCON VoIP security crash course training intro. For more information about the course and to secure a place, check out the BruCON website. Most VoIP systems perform signaling using a protocol separate than the media transfer protocol. Signaling protocols allow VoIP systems to register, authenticate, and initiate phone calls and tends to carry a lot of intelligence with it. In this part of the training, Joffrey and myself will talk you through the following different signaling protocols and attacks that apply to these protocols:…
Read more »BruCON Training: Module 1, An Introduction to …
Published on Aug 31, 2010 in conferences, voip security, trainings
An Introduction to VoIP technology, security threats and solutions, module 1. This module allow us to set the stage for the rest of the training. We will introduce the players - Asterisk, Cisco unified communications and other products. We will introduce the protocols briefly - SIP, SCCP (Skinny), IAX2, H.323 and MGCP. We will also look at how VLANs and other solutions are used to provide security (and where they fail).…
Read more »BruCON Training: A crashcourse in pentesting VOIP networks (update)
Published on Aug 30, 2010 in conferences, trainings, voip security
We just updated the outline of the 2 day crashcourse on the main BruCON training website! In the coming days I’ll be highlighting the modules to explain what each consist of. Training registration is from this page, and for any questions get in contact with Sn0rky or myself. This is what it looks like: Module 1: Introduction to VoIP technology, security threats and solutions Introduce the protocols Mitigation technologies How confidentiality / integrity / availability applies to VoIP fraud spying on phone calls modification of phone data denial of service Module 2: Attacking signaling protocols…
Read more »A crashcourse in pentesting VOIP networks at BruCON 2010
Published on Jun 8, 2010 in conferences, trainings, voip security
Joffrey CZARNY and myself (Sandro) will be hosting a crashcourse at BruCON 2010. This will be a two day workshop on the 22 & 23 September 2010. In a nutshell, we will be helping the attendees quickly get up to speed with VoIP networks and performing security assessments in that idea. More information about the training can be found at the official page. If you would like to register for the training go straight to the BruCON training registration page.…
Read more »Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge
Published on Jun 1, 2010 in conferences, voip security, cyber crime, softphone security, tftp theft
Lots going on right now. The following is a summary: Recurity Labs just published the jail-break for Cisco CallManager (CUCM) v7/8 which I had something to do with ;-) Will be presenting at Athcon on VoIP insecurities and cybercrime- drop me an email if you’ll be there TFTPTheft has been updated to support template filenames Will be posting more on TFTPTheft with use cases and examples. If you do have questions, drop me an email.…
Read more »RTP Traffic to 1.1.1.1
Published on Feb 3, 2010 in sip security, voip security
I was reading RIPE Labs’ very interesting post called Pollution in 1/8. The article talks about traffic being sent to the 1/8 address space, which has recently been temporarily allocated. One part of the article caught my eye: “We found that almost 60% of the UDP packets are sent towards the IP address 1.1.1.1 on port 15206 which makes up the largest amount of packets seen by our RRC. Most of these packets start their data section with 0x80, continue with seemingly random data and are padded to 172 bytes with an (again seemingly random) 2 byte value.…
Read more »How law enforcement sees VoIP
Published on Jul 27, 2009 in voip security
While browsing Wikileaks, I came across a document titled “An Overview of VOIP for Law Enforcement, 23 Dec 2008”. It reads as a “VoIP explained” document for law enforcement , explaining the basics and the restrictions that law enforcement agencies have when it comes to VoIP. Here’s a summary: The difference between a traditional phone call and a VoIP phone call is discussed (signals and circuits versus packets) With VoIP various devices may be used: software (softphones) installed on a pc, VoIP gateways and IP Phones Discussion of caller id spoofing, how it makes it harder for LE to tell if the call is from a VoIP provider or a real number or not (anonymous calls) Vishing, the act of phishing by involving VoIP Actively tracing VoIP calls is almost impossible 911 emergency calls or VoIP E911 is mentioned There are 4 ways to identify VoIP usage: the Caller ID (which may be spoofed), Phone records (where tracing is similar to tracing the source of email), VoIP hardware (eg.…
Read more »Scan your public facing PBX with VOIPSCANNER.com
Published on Jul 17, 2009 in asterisk, voip security, security tools
Announcing VOIPSCANNER.com, the SaaS Voice over IP Security scanner. If you’re already familiar with SIPVicious, then you can guess what this tool does. This online tool makes it easier than ever to check if the Asterisk box you just installed, or most other SIP PBX servers, is misconfigured and contains weak credentials. Attackers on the ’net are already doing this for their own benefit, don’t wait until they hit your PBX!…
Read more »