Exploiting VoIP Systems (W16) - Pentestmag

Requested resource is not accessible

This workshop will introduce the VoIP world to the reader, with a particular focus on the network protocols used by VoIP systems and the security holes belonging to them.
The reader will see both theoretical and practical aspects about VoIP attacks and relatives countermeasures. Several activities will be explained step by step in the following lessons.


4CPE CREDICTS


The access to this course is restricted to PenTest Premium or IT Pack Premium Subscription


After completing this course you will be able to: 

  • Create your own custom "K" ISO, operation and configuration, attack scenarios, secrets of password security, list of useful tools and explanations.
  • Understanding the Session Initiation Protocol (SIP) and Real Time Protocol (RTP). These are the two main network protocol and they’re used by all VoIP systems.
  • Knowing about several VoIP attacks and performing some of that.

What will student need (course requirements, software & hardware)

  • Kali Linux Distro
  • Ubuntu Server Distro
  • Asterisk
  • ZoIPer softphone
  • Basics knowledge of networking and basics of linux

COURSE SYLLABUS

What will you learn in this workshop


Understand the Session Initiation Protocol and Real Time Protocol

 

  1. Introducing the Workshop: in this lesson the author will accomplish an easy introduction to the most used VoIP protocols: SIP and RTP. The first one is used in order to set up a call, it’s a telephone signaling protocol. With SIP a caller can make a call to a called by mean of a PBX. The latter is RTP, it’s a protocol used by a VoIP bearer which is in charge of audio/video signal transport from caller to called.
  2. Introduction to VoIP and its protocols: in this lesson the author will explain to he radear how to accomplish the installation and configuration of Asterisk, which is one of the most used free PBX. Moreover the author will explain to the reader also how to install and  configure free softphones.  At the end of this lessons the reader will  be able to set up a basic call between two end points.
  3. Test Plant Activities: in this lesson the reader will learn how to look for a target VoIP network and then how to scan (with several techniques) it, in order to find out exploitable devices. Furthermore, the lesson will threat all that activities that should be done in order to discover the different typology of devices belonging to a VoIP network.
  4. Footprinting, Scanning and Enumeration: in this lesson the reader will learn about DoS methods applied to VoIP systems. At the end of the lesson the reader will know the most used techniques and tools used in order to accomplish these kinds attacks.
  5. DoS: this lesson is focused on those methods used in order to disturb a VoIP network by mean of a wide number of packets which have the goal to avoid that the targeted network works fine.
  6. Telephone Tapping:  this lesson  will  explain to  the reader how to  listen a call between two VoIP end points. This kind of attacks are really important, since  by mean of them  the privacy of the telephone call could be violated by the attacker.
  7. Other VoIP Security Threats: this lesson will threat the methods used in order to inject malicious signal into the RTP altering the telephone conversation. The author will show how to accomplish this attack to the reader.
  8. Hardening VoIP protocols: this lesson will do an overview about fuzzy techniques used in order to test the robustness of a VoIP network. Some tools will be reported by the author in order to introduce them to the reader.
    The previous lesson titles and their topics here reported could be slightly modified by the author during the workshop.
    Finally, the author discharges each responsability about an inappropriate use of the informations here reported.

 

 


 

Your instructor: Mirko Raimondi

mirkoMirko Raimondi obtained his Master’s degree in Computer Science from the University of Milan – Computer Science Dept. He has been working as a Software Engineer and he has been a CCNA-security in course. He’s interested in VoIP, network security and steganography methods.

SW Engineer at AIM Sportline
Programming: C, C++ and Java;
Networking: TCP, UDP, IP multicasting, IPv4/6, NAT-T, DNS, DHCP, Firewalling, Routing, 802.1q, 802.3, 802.11x;
VoIP: RTP, RTCP, SRTP, RTSP, SIP, de-Jittering, Timing, QoS, CoS;
Audio Codecs: G711, G729, G723, AMR-NB, AMR-WB;
Penetration Testing: WiFi and VoIP infrastuctures;
Linux Systems: Bash, Netfilter/IPtables, RedHat, Kali.

 

 


Contact
Questions? Reach out to us at [email protected]

Course Reviews

5

5
1 ratings
  • 5 stars1
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0
  1. VERY NICE COURSE

    5

    WELL DESIGNED COURSE
    HOPE EVERYONE WILL GET SOME FRUITFUL KNOWLEDGE FROM THIS COURSE
    I GOT A LOT
    THANKS

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023