VOIP insecurities workshop

“I just called to say I pwn you
I just called to say how much I care
I just called to say I own you
And I mean it from the bottom of my heart”
Stevie Wonder

Agenda
- VOIP
  - PSTN & VOIP
  - PSTN vs. VOIP
  - VOIP protocols
- VOIP security
- Attacking VOIP
  - Enumerating VOIP devices
  - RTP attacks + demonstration
  - SIP attacks + practice
- Further readings

PSTN / Public switched telephone network

VOIP / Voice over Internet Protocol

PSTN vs. VOIP
- Network
  - PSTN: closed network
  - VOIP: public network (Internet)
- End-user devices
  - PSTN: simple devices
  - VOIP: complex devices
- Authentication
  - PSTN: no mobility (authentication by wire)
  - VOIP: mobility

VOIP protocols
- Signaling protocols
- Media protocols
- Call control and media stream use different routes

VOIP protocols: Signaling (short overview)
- SIP: Session Initiation Protocol
- SDP: Session Description Protocol
- H.323: H.323
- MGCP: Media Gateway Control Protocol
- SCCP: Skinny Client Control Protocol
- RTCP: Real-time Transport Control Protocol

VOIP protocols: Media and Hybrid (short overview)
- Media: RTP/SRTP
- Hybrid (signaling + media): IAX/IAX2

VOIP insecurities
- Confidentiality: eavesdropping, recording, …
- Availability: DoS, buffer overflows, …
- Authentication: registration hijacking, Caller ID spoofing, …
- Fraud: toll fraud, data masquerading, …
- SPIT (SPAM over IP Telephony): voice phishing, unsolicited calling, …

VOIP insecurities: Topics for today
- Enumeration of VOIP devices
  - search engines
  - port scanning
- RTP
  - eavesdropping/recording calls
  - inserting data into media stream
  - DoS
- SIP
  - searching extensions
  - Caller name spoofing
  - DoS

Enumerating VOIP devices: Google hacking
- Google hacking: GHDB
- User manual -> request
- Google: inurl:, intitle:, site:<Customer> !
- Examples:
  - Asterisk Management Portal: intitle:asterisk.management.portal web-access
  - Cisco Phones: inurl:"NetworkConfiguration" cisco
  - Cisco CallManager: inurl:"ccmuser/logon.asp"
  - D-Link Phones: intitle:"D-Link DPH" "web login setting"
  - Grandstream Phones: intitle:"Grandstream Device Configuration" password
  - Linksys (Sipura) Phones: intitle:" SPA Configuration"
  - Polycom Soundpoint Phones: intitle:"SoundPoint IP Configuration"

Enumerating VOIP devices: Shodan [1/2]
- www.shodanhq.com
- search for domain names, IPs, ports

Enumerating VOIP devices: Shodan [2/2]
- Banner grabbing
- passwordless Snom phones

Enumerating VOIP devices: nmap
- VOIP scanners: smap, svmap (sipvicious)
- Fyodor’s nmap: -sU
- UDP scanning: common problems

Enumerating VOIP devices: Common ports
- VOIP protocols: 5060-5070, 1718-1720, 2517, …
- RTP ports are allocated dynamically
- Management protocols
  - TCP 21-23, 80, 443, 8088, …
  - UDP 161, 162, 69, …
- IANA (Internet Assigned Numbers Authority): grep <vendor> www.iana.org/assignments/port-numbers

RTP: Real-time Transport Protocol
- RFC 1889 (1996) -> RFC 3550 (2003)
- Media over IP/UDP
- Packet reordering
- Used with signaling protocols (SIP, H.323, MGCP)
- RTCP (Real-time Transport Control Protocol)
- RTCP port = RTP port + 1

RTP Attacks
- Call interception
  - Attacking layers 2, 3
  - Decoding intercepted data
- Injection into call
  - Finding RTP port
  - Injecting media stream
- Denial of Service
  - RTP flood

RTP Attacks: Call interception
- ARP spoofing: Cain & Abel, ettercap, arpspoof (dsniff)
- Wireshark: Telephony, VOIP calls
- Demo

RTP Attacks: Injection: Synchronization in RTP
- sequence number: position in media stream; += 1
- timestamp: sampling; += 1
- SSRC: identifying source; const (random 32 bit value)
- payload type: codec in use

RTP Attacks: Injection
- Unencrypted
  - deployment issues (debug)
  - QoS issues
  - key distribution
- UDP: connectionless
- Data requirements:
  - SSRC
  - timestamp, sequence number: monotonically increasing
  - timestamp, sequence number: fuzzing

RTP Attacks: Injection
- Finding RTP port
  - Intercept SDP
  - Port scan
- Media injection
  - Requirements: frequency, codec
- Demo
  - SDP || nmap
  - rtpinsertsound
  - not working 100%?

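The synchronization fields listed above (sequence number, timestamp, SSRC, payload type) are also what a monitor can check to notice a second sender in a media flow. The following detector is an added example, not code from the workshop; it assumes one flow per monitor, an 8 kHz codec with 20 ms packets (timestamp step of 160) and no silence suppression, and all packets are constructed sample data.

```python
import struct
from collections import Counter

RTP_FIXED = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, sequence, timestamp, SSRC


def parse_rtp(packet):
    """Return (payload_type, seq, timestamp, ssrc, body) for an RTP v2 packet."""
    if len(packet) < RTP_FIXED.size:
        raise ValueError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = RTP_FIXED.unpack_from(packet)
    if b0 >> 6 != 2:
        raise ValueError("version field is not 2")
    return b1 & 0x7F, seq, ts, ssrc, packet[RTP_FIXED.size:]


class FlowMonitor:
    """Watches one media flow (one UDP 5-tuple) for signs of a second sender."""

    def __init__(self, samples_per_packet=160, max_gap=50, history=256):
        self.spp = samples_per_packet  # assumption: 8 kHz codec, 20 ms per packet
        self.max_gap = max_gap         # tolerated loss or reordering, in packets
        self.history = history         # recent packets kept for duplicate checks
        self.base = None               # (pt, seq, ts, ssrc) of newest accepted packet
        self.seen = {}                 # seq -> body, oldest first

    def _accept(self, pt, seq, ts, ssrc, body, advance):
        self.seen[seq] = body
        if len(self.seen) > self.history:
            self.seen.pop(next(iter(self.seen)))
        if advance:
            self.base = (pt, seq, ts, ssrc)

    def observe(self, packet):
        """Return the alert names raised by one packet (empty list if normal)."""
        try:
            pt, seq, ts, ssrc, body = parse_rtp(packet)
        except ValueError:
            return ["malformed"]
        if self.base is None:
            self._accept(pt, seq, ts, ssrc, body, advance=True)
            return []
        b_pt, b_seq, b_ts, b_ssrc = self.base
        if ssrc != b_ssrc:
            return ["ssrc-change"]
        if seq in self.seen:
            same = self.seen[seq] == body
            return ["duplicate" if same else "conflicting-duplicate"]
        alerts = []
        if pt != b_pt:
            alerts.append("payload-type-change")
        # Signed distance from the baseline; sequence numbers wrap at 2**16.
        d = ((seq - b_seq + 0x8000) & 0xFFFF) - 0x8000
        if abs(d) > self.max_gap:
            alerts.append("seq-jump")
        elif ts != (b_ts + d * self.spp) & 0xFFFFFFFF:
            alerts.append("timestamp-mismatch")
        if not alerts:
            # Late (reordered) packets are remembered but do not move the baseline.
            self._accept(pt, seq, ts, ssrc, body, advance=d > 0)
        return alerts


def analyze(packets):
    """Feed the packets of one flow, in capture order, and count alerts."""
    monitor, counts = FlowMonitor(), Counter()
    for packet in packets:
        counts.update(monitor.observe(packet))
    return counts


def build_rtp(seq, ts, ssrc, body, pt=0):
    """Pack a sample RTP packet; used only to construct the test data below."""
    return RTP_FIXED.pack(0x80, pt, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + body


def sample_capture():
    """Constructed data: one phone's stream plus packets from a second sender."""
    ssrc, voice, other = 0x1234ABCD, b"\xff" * 160, b"\x00" * 160

    def phone(i):
        return build_rtp(1000 + i, 8000 + 160 * i, ssrc, voice)

    return [
        phone(0), phone(1), phone(3), phone(2), phone(4),   # 2 and 3 reordered
        build_rtp(1600, 999999, ssrc, other),               # far ahead of the stream
        build_rtp(1005, 8800, ssrc, other),                 # arrives before phone(5)
        phone(5),                                           # same seq, other audio
        build_rtp(1006, 8960, 0x0BADF00D, other),           # different SSRC
        phone(6), phone(7),
        build_rtp(1008, 9317, ssrc, other),                 # timestamp off the grid
        phone(8),
    ]


if __name__ == "__main__":
    for name, count in sorted(analyze(sample_capture()).items()):
        print(f"{name}: {count}")
```

Ordinary reordering and sequence wrap-around raise no alert; a packet whose header fields all match is accepted, and the conflict only shows when the other sender's packet with the same sequence number arrives, which is why header checks complement SRTP rather than replace it.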
RTP Attacks: Denial of Service
- Flood
  - Low bandwidth requirements
  - Media stream = high load
- Authentication - SIP and again …
- UDP - connectionless
- Demo: rtpflood

SIP: Session Initiation Protocol
- Application layer (TCP/UDP)
- ASCII header
- SIP header ~= e-mail header
- URI

SIP Components
- UA (User agent), Proxy, Registrar, Redirect
- (figures: Call via Proxy, Call via Redirect)

SIP Attacks
- Using somebody's PBX
  - Extension enumeration
  - Bruteforce extension password
- Caller name spoofing
- Registration hijacking
- Denial of service
  - Busy lines

SIP Requests
- INVITE: indicates a client is being invited to participate in a call session
- BYE: terminates a call and can be sent by either the caller or the callee
- OPTIONS: queries the capabilities of servers
- REGISTER: registers the address listed in the To header field with a SIP server
- ACK: confirms that the client has received a final response to an INVITE request
- CANCEL: cancels any pending request
- more …

SIP Answers
- 1xx Informational (100 Trying, 180 Ringing)
- 2xx Successful (200 OK, 202 Accepted)
- 3xx Redirection (302 Moved Temporarily)
- 4xx Request Failure (404 Not Found, 482 Loop Detected)
- 5xx Server Failure (501 Not Implemented)
- 6xx Global Failure (603 Decline)

Basic SIP call

SIP Attacks: Using somebody's PBX
- PBX
  - Extension enumeration
  - Bruteforcing passwords
  - Making a call
- Practice with Sipvicious
  - svmap <ip>
  - svwar -e<extensions> <ip> -m<REQUEST>
  - svcrack -u<extension> -d <dictionary> <ip>
- Setting up a softphone

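Seen from the PBX, extension enumeration and password bruteforcing leave a pattern in the SIP answers listed earlier: many 404s for different extensions, or a run of 401/403 answers to REGISTER for one extension. The following detector is an added example, not code from the workshop; the addresses, extensions and messages are constructed, counts run over the whole capture without a time window, and "friendly-scanner" is the default User-Agent of the SIPVicious tools, which is easily changed and therefore only a weak signal.

```python
import re
from collections import defaultdict

COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via", "m": "contact"}
USER_RE = re.compile(r"sips?:([^@;>\s]+)@")
SCANNER_UA = "friendly-scanner"   # default User-Agent string of the SIPVicious tools


def parse_sip(raw):
    """Return (kind, value, headers): kind "request" (method) or "response" (code)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) < 3:
        raise ValueError("bad start line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            name = name.strip().lower()   # header names are case-insensitive
            headers.setdefault(COMPACT.get(name, name), value.strip())
    if start[0].startswith("SIP/"):
        return "response", int(start[1]), headers
    return "request", start[0], headers


def detect(events, enum_threshold=5, guess_threshold=5):
    """events: (peer_ip, raw_sip) pairs seen at the PBX, in capture order.

    peer_ip is the remote address of the packet: the sender of a request or
    the receiver of a response.
    """
    not_found = defaultdict(set)   # peer -> extensions the PBX answered 404 for
    failures = defaultdict(int)    # (peer, ext) -> REGISTER rejections since last 200
    worst = {}                     # (peer, ext) -> longest rejection run seen
    scanners = set()
    for peer, raw in events:
        try:
            kind, value, hdr = parse_sip(raw)
        except ValueError:
            continue
        if kind == "request":
            if SCANNER_UA in hdr.get("user-agent", "").lower():
                scanners.add(peer)
            continue
        m = USER_RE.search(hdr.get("to", ""))
        if not m:
            continue
        key = (peer, m.group(1))
        method = (hdr.get("cseq", "").split() or [""])[-1]
        if value == 404:
            not_found[peer].add(m.group(1))
        elif method == "REGISTER" and value in (401, 403):
            failures[key] += 1
            worst[key] = max(worst.get(key, 0), failures[key])
        elif method == "REGISTER" and value == 200:
            failures[key] = 0      # a normal challenge/response login ends here
    return {
        "scanner_user_agent": sorted(scanners),
        "extension_enumeration": {p: len(e) for p, e in not_found.items()
                                  if len(e) >= enum_threshold},
        "password_guessing": {k: n for k, n in worst.items() if n >= guess_threshold},
    }


def _msg(start, ext, method, extra=""):
    """Build a constructed SIP message for the sample capture."""
    return (f"{start}\r\n"
            f"Via: SIP/2.0/UDP client.invalid:5060;branch=z9hG4bK-constructed\r\n"
            f"To: <sip:{ext}@pbx.example.test>\r\n"
            f"From: <sip:{ext}@pbx.example.test>;tag=constructed\r\n"
            f"Call-ID: constructed-{ext}\r\nCSeq: 1 {method}\r\n{extra}\r\n")


def sample_events():
    """Constructed capture: one noisy peer and one ordinary phone."""
    noisy, phone = "198.51.100.7", "192.0.2.10"
    ev = [(noisy, _msg("OPTIONS sip:pbx.example.test SIP/2.0", "100", "OPTIONS",
                       "User-Agent: friendly-scanner\r\n"))]
    ev += [(noisy, _msg("SIP/2.0 404 Not Found", str(ext), "REGISTER"))
           for ext in range(100, 108)]
    ev += [(noisy, _msg("SIP/2.0 401 Unauthorized", "200", "REGISTER"))] * 6
    ev += [(phone, _msg("SIP/2.0 401 Unauthorized", "201", "REGISTER")),
           (phone, _msg("SIP/2.0 200 OK", "201", "REGISTER")),
           (phone, _msg("SIP/2.0 404 Not Found", "999", "INVITE"))]
    return ev


if __name__ == "__main__":
    for finding, value in detect(sample_events()).items():
        print(finding, value)
```

The ordinary phone's single 401 followed by 200 OK and its one misdialled 404 stay below both thresholds, so only the noisy peer is reported.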
SIP Attacks: Caller name spoofing
- Caller name spoofing
  - Softphone
- Practicing
  - X-Lite Softphone: caller name spoofing
    - Display name: ' 1=1 --
    - Domain: ip of UA
    - Register: disable

SIP Attacks: Registration hijacking
- Registration hijacking
  - INVITE to PBX
  - Search user in Registrar
  - Registration is in Contact header: ip address
- Practicing with X-Lite
  - Register settings
  - rate

SIP Attacks: Denial of Service
- Denial of Service
  - No auth
    - -> INVITE
    - <- TRYING…
    - <- Busy here
  - HTTP digest
    - -> INVITE
    - generation/storing nonce
- Practice
  - inviteflood

Further reading
- Set up a lab
  - http://enablesecurity.com/resources/how-to-set-up-a-voip-lab-on-a-shoe-string/
- Read and practice
  - Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
- Advanced attacks
  - “Having fun with RTP” by kapejod
  - “SIP home gateways under fire” by AnhängteDateien
- Fuzzing

Q&A

ggritsai@ptsecurity.ru

Positive Hack Days. Gritsai. VOIP insecurities workshop

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Positive Hack Days. Gritsai. VOIP insecurities workshop

  • 1. VOIP insecurities workshop “I just called to say I pwn you / I just called to say how much I care / I just called to say I own you / And I mean it from the bottom of my heart” Stevie Wonder
  • 2. Agenda: VOIP; PSTN & VOIP; PSTN vs. VOIP; VOIP protocols; VOIP security; Attacking VOIP; Enumerating VOIP devices; RTP attacks + demonstration; SIP attacks + practice; Further readings
  • 3. PSTN / Public switched telephone network
  • 4. VOIP / Voice over Internet Protocol
  • 5. PSTN vs. VOIP. Network: PSTN – closed network; VOIP – public network (Internet). End-user devices: PSTN – simple devices; VOIP – complex devices. Authentication: PSTN – no mobility (authentication by wire); VOIP – mobility
  • 6. VOIP protocols: Signaling protocols; Media protocols; Call control and media stream use different routes
  • 7. VOIP protocols: Signaling (short overview). SIP: Session Initiation Protocol; SDP: Session Description Protocol; H.323: H.323; MGCP: Media Gateway Control Protocol; SCCP: Skinny Client Control Protocol; RTCP: Real-time Transfer Control Protocol
  • 8. VOIP protocols: Media and Hybrid (short overview). Media: RTP/SRTP. Hybrid (signaling + media): IAX/IAX2
  • 9. VOIP insecurities. Confidentiality: eavesdropping, recording, …; Availability: DoS, buffer overflows, …; Authentication: registration hijacking, Caller ID spoofing, …; Fraud: toll fraud, data masquerading, …; SPIT (SPAM over IP Telephony): voice phishing, unsolicited calling, …
  • 10. VOIP insecurities: Topics for today. Enumeration of VOIP devices: search engines, port scanning. RTP: eavesdropping/recording calls, inserting data into media stream, DoS. SIP: searching extensions, caller name spoofing, DoS
  • 11. Enumerating VOIP devices: Google hacking. GHDB. User manual -> request. Google: inurl:, intitle:, site:<Customer> ! Examples: Asterisk Management Portal: intitle:asterisk.management.portal web-access; Cisco Phones: inurl:"NetworkConfiguration" cisco; Cisco CallManager: inurl:"ccmuser/logon.asp"; D-Link Phones: intitle:"D-Link DPH" "web login setting"; Grandstream Phones: intitle:"Grandstream Device Configuration" password; Linksys (Sipura) Phones: intitle:" SPA Configuration"; Polycom Soundpoint Phones: intitle:"SoundPoint IP Configuration"
  • 12. Enumerating VOIP devices: Shodan [1/2]. www.shodanhq.com: search for domain names, IPs, ports
  • 13. Enumerating VOIP devices: Shodan [2/2]. Banner grabbing; passwordless Snom phones
  • 14. Enumerating VOIP devices: nmap. VOIP scanners: smap, svmap (sipvicious). Fyodor’s nmap: -sU UDP scanning, common problems
  • 15. Enumerating VOIP devices: Common ports. VOIP protocols: 5060-5070, 1718-1720, 2517, …. RTP ports are allocated dynamically. Management protocols: TCP 21-23, 80, 443, 8088, …; UDP 161, 162, 69, …. IANA (Internet Assigned Numbers Authority): grep <vendor> www.iana.org/assignments/port-numbers
  • 16. RTP: Real-time Transport Protocol. RFC 1889 (1996) -> RFC 3550 (2003). Media over IP/UDP. Packet reordering. Used with signaling protocols (SIP, H.323, MGCP). RTCP (Real-time Transport Control Protocol): RTCP port = RTP port + 1
  • 17. RTP Attacks. Call interception: attacking layers 2, 3; decoding intercepted data. Injection into call: finding RTP port; injecting media stream. Denial of Service: RTP flood
  • 18. RTP Attacks: Call interception. ARP spoofing: Cain & Abel, ettercap, arpspoof (dsniff). Wireshark: Telephony VOIP calls / Demo
  • 19. RTP Attacks: Injection: Synchronization in RTP. sequence number: position in media stream, += 1; timestamp: sampling, += 1; SSRC: identifying source, const (random 32 bit value); payload type: codec in use
  • 20. RTP Attacks: Injection. Unencrypted: deployment issues (debug), QoS issues, key distribution. UDP – connectionless. Data requirements: SSRC; timestamp, sequence number – monotonically increasing; timestamp, sequence number – fuzzing
  • 21. RTP Attacks: Injection. Finding RTP port: intercept SDP, port scan. Media injection requirements: frequency, codec. Demo: SDP || nmap; rtpinsertsound; not working 100%?
  • 22. RTP Attacks: Denial of Service. Flood: low bandwidth requirements; media stream = high load. Authentication - SIP; and again … UDP - connectionless / Demo: rtpflood
  • 23. SIP: Session Initiation Protocol. Application layer (TCP/UDP). ASCII header. SIP header ~= e-mail header. URI
  • 24. SIP Components: UA (User agent), Proxy, Registrar, Redirect. Call via Proxy. Call via Redirect
  • 25. SIP Attacks. Using somebody's PBX: extension enumeration; bruteforce extension password. Caller name spoofing. Registration hijacking. Denial of service: busy lines
  • 26. SIP Requests. INVITE: indicates a client is being invited to participate in a call session; BYE: terminates a call and can be sent by either the caller or the callee; OPTIONS: queries the capabilities of servers; REGISTER: registers the address listed in the To header field with a SIP server; ACK: confirms that the client has received a final response to an INVITE request; CANCEL: cancels any pending request; more …
  • 27. SIP Answers. 1xx Informational (100 Trying, 180 Ringing); 2xx Successful (200 OK, 202 Accepted); 3xx Redirection (302 Moved Temporarily); 4xx Request Failure (404 Not Found, 482 Loop Detected); 5xx Server Failure (501 Not Implemented); 6xx Global Failure (603 Decline)
  • 29. SIP Attacks: Using somebody's PBX. PBX: extension enumeration; bruteforcing passwords; making a call. Practice with Sipvicious: svmap <ip>; svwar -e<extensions> <ip> -m<REQUEST>; svcrack -u<extension> -d <dictionary> <ip>. Setting up a softphone
  • 30. SIP Attacks: Caller name spoofing. Softphone. Practicing: X-Lite Softphone – caller name spoofing. Display name: ‘ 1=1 --; Domain: ip of UA; Register: disable
  • 31. SIP Attacks: Registration hijacking. INVITE to PBX; search user in Registrar; registration is in Contact header: ip address. Practicing with X-Lite: Register settings, rate
  • 32. SIP Attacks: Denial of Service. No auth: -> INVITE, <- TRYING…, <- Busy here. HTTP digest: -> INVITE, generation/storing nonce. Practice: inviteflood
  • 33. Further reading. Set up a lab: http://enablesecurity.com/resources/how-to-set-up-a-voip-lab-on-a-shoe-string/ Read and practice: Hacking Exposed VoIP—Voice Over IP Security Secrets & Solutions. Advanced attacks: “Having fun with RTP” by kapejod; “SIP home gateways under fire” by AnhängteDateien. Fuzzing
  • 34. QA
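Slides 19 and 20 name the RTP fields a receiver uses to stay synchronized (sequence number, timestamp, SSRC, payload type). The sketch below is an added example, not part of the original deck: it decodes the fixed RFC 3550 header and flags packets that break stream continuity, which is what a monitoring point can check on unencrypted RTP. The `max_gap` threshold, the addresses and the sample packets are constructed assumptions.

```python
import struct

def parse_rtp(data: bytes) -> dict:
    """Decode the fixed 12-byte RTP header (RFC 3550, section 5.1)."""
    if len(data) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

def find_anomalies(packets, max_gap=50):
    """packets: (source_address, raw_udp_payload) pairs; returns (index, reason) alerts."""
    streams = {}   # SSRC -> last accepted header plus the sender's address
    alerts = []
    for i, (src, raw) in enumerate(packets):
        h = parse_rtp(raw)
        last = streams.get(h["ssrc"])
        if last is None:                      # first packet of a stream is the baseline
            streams[h["ssrc"]] = dict(h, src=src)
            continue
        reasons = []
        if src != last["src"]:
            reasons.append("SSRC reused from a new source address")
        if h["pt"] != last["pt"]:
            reasons.append("payload type changed mid-stream")
        step = (h["seq"] - last["seq"]) & 0xFFFF        # 16-bit counter wraps
        if step == 0 or step > max_gap:
            reasons.append("sequence number not contiguous")
        if (h["ts"] - last["ts"]) & 0xFFFFFFFF >= 2**31:  # 32-bit counter wraps
            reasons.append("timestamp moved backwards")
        if reasons:
            alerts.append((i, "; ".join(reasons)))  # suspect packets do not move the baseline
        else:
            streams[h["ssrc"]] = dict(h, src=src)
    return alerts

def make_rtp(seq, ts, ssrc, pt=0):
    """Build an RTP packet with 160 bytes of dummy payload (constructed test data)."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + b"\xff" * 160

# Constructed capture: one stream from 10.0.0.5 with two out-of-place packets mixed in.
SSRC = 0x1234ABCD
SAMPLE = [("10.0.0.5", make_rtp(100 + n, 16000 + 160 * n, SSRC)) for n in range(3)]
SAMPLE.insert(2, ("10.0.0.66", make_rtp(4100, 90000, SSRC)))
SAMPLE.append(("10.0.0.5", make_rtp(65535, 0, SSRC, pt=8)))

if __name__ == "__main__":
    print(find_anomalies(SAMPLE))
```

Continuity checks of this kind only raise the bar on cleartext RTP; SRTP, listed on slide 8, authenticates each packet.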
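Slides 25 to 29 cover extension enumeration against a PBX and the SIP answer classes. As an added example (not from the original deck), this detector reads the responses a PBX sent out and reports peers that drew 404 Not Found for many distinct extensions. It assumes the PBX answers unknown extensions with 404; the threshold, host names and sample responses are constructed.

```python
import re
from collections import defaultdict

STATUS_RE = re.compile(r"^SIP/2\.0 (\d{3}) ")
TO_RE = re.compile(r"^(?:To|t)\s*:.*?<?sips?:([^@;>\s]+)@", re.I | re.M)
CSEQ_RE = re.compile(r"^CSeq\s*:\s*\d+\s+(\w+)", re.I | re.M)

def parse_response(raw: str):
    """Return (status, method, extension) from a SIP response, or None if malformed."""
    status, to, cseq = STATUS_RE.match(raw), TO_RE.search(raw), CSEQ_RE.search(raw)
    if not (status and to and cseq):
        return None
    return int(status.group(1)), cseq.group(1).upper(), to.group(1)

def find_enumerators(responses, threshold=3):
    """responses: (peer_ip, raw_response) pairs logged by the PBX.
    Returns {peer: extensions} for peers with >= threshold distinct 404 extensions."""
    misses = defaultdict(set)
    for peer, raw in responses:
        parsed = parse_response(raw)
        if parsed and parsed[0] == 404 and parsed[1] in {"REGISTER", "OPTIONS", "INVITE"}:
            misses[peer].add(parsed[2])
    return {p: sorted(e) for p, e in misses.items() if len(e) >= threshold}

def make_response(status, reason, method, ext):
    """Constructed SIP response carrying only the headers the detector reads."""
    return (f"SIP/2.0 {status} {reason}\r\n"
            f"To: <sip:{ext}@pbx.example>;tag=as1\r\n"
            f"CSeq: 1 {method}\r\n\r\n")

# Constructed log: one peer walks extensions 100-103, another misdials once.
SAMPLE = [("192.0.2.10", make_response(404, "Not Found", "REGISTER", e))
          for e in ("100", "101", "102", "103")]
SAMPLE += [
    ("192.0.2.10", make_response(401, "Unauthorized", "REGISTER", "104")),
    ("198.51.100.7", make_response(404, "Not Found", "INVITE", "999")),
    ("198.51.100.7", make_response(200, "OK", "OPTIONS", "200")),
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```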