May 8, 2009

Brucon Workshop #4: VOIP workshop

As we are finishing our main speaker track, expect some exciting news in the coming days. We'll begin with announcing another workshop!

Joffrey Czarny and Sandro Gauci will be giving a workshop about VOIP security.

Content of the Workshop:

The goal of this workshop is to learn the risks and weaknesses of default VoIP deployments and the threats posed by the misconfiguration of some telephony features. The workshop will provide specific guidelines and advice on how to build a secured VoIP architecture. An example of this is the use of SRTP combined with DIA/ARP guard as one of the ways to block wiretapping. Several such features will be presented and discussed during the workshop.

Some comparative information will be presented about the security aspects of different voice vendors like Alcatel, Nortel, Cisco and Asterisk.

  • Identification of the VoIP Product
  • VLAN hopping, accessing the voice VLAN from the data VLAN
  • VoIP accounts enumeration
  • Communication wiretapping and injection of sound during a call
  • Spoofing of phone profiles and identity spoofing
  • UNISTM attack on Cisco IP phones
  • Bypass of call restrictions and voice gateway abuse
  • Grab of SIP or IAX credentials
  • Denial of Service on VoIP servers and IP phones

Joffrey CZARNY (France), working for Devoteam Security Business Unit (FR). Joffrey has been a pentester since 2001; he has released advisories on VoIP Cisco products and spoken at various security-focused conferences (Wireless Conference at Infosec Paris and Wireless Workshop at 2005, VoIP at 2007/2008 and ITunderground 2008/2009). On his site, he maintains the Elsenot project and posts video tutorials and tools on several security aspects.

Sandro Gauci is the owner and founder of EnableSecurity, where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years of experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes.
Sandro is the author of the free VoIP security scanning suite SIPVicious and VOIPPACK for CANVAS.