Mar 4, 2010

Announcing BruCON Training #2: A crash course in pentesting and securing VOIP networks

BruCON is proud to announce this second training session. More training sessions will be published in the following days, so check back regularly.


As VoIP networks become more and more part of the way organizations communicate, security professionals need to understand their strengths and weaknesses. This knowledge will help them make sound decisions on the security (or lack of) of their VoIP system and network.

Attendees who follow the VoIP security training will gain valuable hands-on experience in testing VoIP equipment and networks. During the training they will make use of existent security tools as well as custom built tools to help them get the job done.

These are some of the hands-on topics that are covered:
  • VLAN Hopping
  • Fingerprinting VoIP devices
  • Abusing SIP
  • Toll fraud issues
  • Wiretapping VoIP phone calls
  • Denial of service attacks
  • Attacks on VoIP configuration interfaces
    • web application attacks
    • default configuration issues
  • Covert channels through VoIP
BIO trainers:

Sandro Gauci is the owner and Founder of EnableSecurity ( where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research and has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious ( and VOIPPACK for CANVAS.

Joffrey CZARNY, working for Devoteam Security Business Unit (FR). Since 2001, Joffrey is a pentester, he has released advisories on VoIP Cisco products and spoken at various security-focused conferences (Wireless Conference at Infosec Paris and Wireless Workshop at 2005, VoIP at 2007/2008 and ITunderground 2008/2009). On his site,, he maintains the Elsenot project ("") and posts video tutorials and tools on several security aspects.

For more information, visit our website.

Related posts:

No comments:

Post a Comment