SlideShare ist ein Scribd-Unternehmen logo

Pentesting VoIP

Als PPTX, PDF herunterladen
Vengatesh Nagarajan
Vengatesh Nagarajan

*Basics *Attack scenarios *Attack methods

Technologie
1 von 6
Pentesting voIP
Boring stuffs • allows you to make and receive telephone calls over the Internet • low international phone call rates to other countries • Protocols under voIP: • SIP(UDP -5060) • H.323 • RTP • Skype
• SIP: Requests • INVITE - establish connection • BYE - terminate • REGISTER – indicate client address to server • SIP: Responses • 1xx - responses to requests • 2xx: 200-level responses indicate a successful completion of the request • 3xx: redirection is needed for completion of the request. • 4xx: bad syntax • 5xx: The server failed to fulfil an apparently valid request • 6xx: This is a global failure
Attacks on SIP • Information gathering and foot printing • Eavesdropping and capturing traffic • VLAN hopping • Spoofing Caller ID • Identification of Denial of Service (DoS) vulnerabilities • Authentication Attacks
Demo !!
VoIP Checklist for Penetration Testers • VoIP-001 - VLAN hopping from data network to voice network • VoIP-002 - Extension Enumeration & Number Harvesting • VoIP-003 - Capturing SIP Authentication • VoIP-004 - Eavesdropping Calls • VoIP-005 - CallerID spoofing • VoIP-006 - RTP injection • VoIP-007 - Signaling Manipulation • VoIP-008 - Identification of insecure services • VoIP-009 - Testing for Default Credentials • VoIP-010 - Application level vulnerabilities • VoIP-011 - Voice Mail Attacks • VoIP-012 - Phone Firmware Analysis

Empfohlen

FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application IntroduceZack Chou
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis MPhil/MRes/BSc
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Securityn|u - The Open Security Community
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
Firewall
FirewallFirewall
Firewalllyndyv
 
Voice over Internet Protocol.
Voice over Internet Protocol.Voice over Internet Protocol.
Voice over Internet Protocol.Fouzia Noor
 

Empfohlen

FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application IntroduceZack Chou
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis MPhil/MRes/BSc
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Securityn|u - The Open Security Community
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
Firewall
FirewallFirewall
Firewalllyndyv
 
Voice over Internet Protocol.
Voice over Internet Protocol.Voice over Internet Protocol.
Voice over Internet Protocol.Fouzia Noor
 
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...Askozia
 
Sip & its application
Sip & its applicationSip & its application
Sip & its applicationPoulami Pal
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
VOIP services
VOIP servicesVOIP services
VOIP servicesPankaj Saharan
 
Voip
VoipVoip
VoipHardik Kakadiya
 
Voip
VoipVoip
VoipHardik Kakadiya
 
The Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionThe Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionAlan Percy
 
The Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionThe Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionTelcoBridges Inc.
 
VoIP
VoIPVoIP
VoIPamilkanthawar
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tpseudor00t overflow
 
Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Michael St. John
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishAskozia
 
Voip
VoipVoip
VoipAbd17m
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAn Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAndrea Scarfo
 
DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000Dinstar India
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VOIP Pros & Cons
VOIP Pros & ConsVOIP Pros & Cons
VOIP Pros & ConsZakaria Hasan
 
Mobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyMobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyVoxvalley .
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Weitere ähnliche Inhalte

Ähnlich wie Pentesting VoIP

How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...Askozia
 
Sip & its application
Sip & its applicationSip & its application
Sip & its applicationPoulami Pal
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
The Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionThe Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionAlan Percy
 
The Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionThe Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionTelcoBridges Inc.
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tpseudor00t overflow
 
Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Michael St. John
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishAskozia
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAn Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAndrea Scarfo
 
DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000Dinstar India
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
Mobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyMobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyVoxvalley .
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 

Ähnlich wie Pentesting VoIP (20)

How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
 
Sip & its application
Sip & its applicationSip & its application
Sip & its application
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
VOIP services
VOIP servicesVOIP services
VOIP services
 
Voip
VoipVoip
Voip
 
Voip
VoipVoip
Voip
 
The Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionThe Role of SBC in Fraud Protection
The Role of SBC in Fraud Protection
 
The Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionThe Role of SBCs in Fraud Protection
The Role of SBCs in Fraud Protection
 
VoIP
VoIPVoIP
VoIP
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
 
Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP)
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, English
 
Voip
VoipVoip
Voip
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshop
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAn Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las Vegas
 
DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
VOIP Pros & Cons
VOIP Pros & ConsVOIP Pros & Cons
VOIP Pros & Cons
 
Mobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyMobile Dialer by Voxvalley
Mobile Dialer by Voxvalley
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 

Kürzlich hochgeladen

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Kürzlich hochgeladen (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Pentesting VoIP

  • 2. Boring stuffs • allows you to make and receive telephone calls over the Internet • low international phone call rates to other countries • Protocols under voIP: • SIP(UDP -5060) • H.323 • RTP • Skype
  • 3. • SIP: Requests • INVITE - establish connection • BYE - terminate • REGISTER – indicate client address to server • SIP: Responses • 1xx - responses to requests • 2xx: 200-level responses indicate a successful completion of the request • 3xx: redirection is needed for completion of the request. • 4xx: bad syntax • 5xx: The server failed to fulfil an apparently valid request • 6xx: This is a global failure
  • 4. Attacks on SIP • Information gathering and foot printing • Eavesdropping and capturing traffic • VLAN hopping • Spoofing Caller ID • Identification of Denial of Service (DoS) vulnerabilities • Authentication Attacks
  • 6. VoIP Checklist for Penetration Testers • VoIP-001 - VLAN hopping from data network to voice network • VoIP-002 - Extension Enumeration & Number Harvesting • VoIP-003 - Capturing SIP Authentication • VoIP-004 - Eavesdropping Calls • VoIP-005 - CallerID spoofing • VoIP-006 - RTP injection • VoIP-007 - Signaling Manipulation • VoIP-008 - Identification of insecure services • VoIP-009 - Testing for Default Credentials • VoIP-010 - Application level vulnerabilities • VoIP-011 - Voice Mail Attacks • VoIP-012 - Phone Firmware Analysis