Workshop's eBook: Exploiting VoIP Systems. Understand the Session Initiation Protocol and Real Time Protocol


Table of Contents:


1) Introduction to VoIP and its protocols:

In this article the author will accomplish an easy introduction to the most used VoIP protocols: SIP and RTP. The first one is used in order to set up a call, it’s a telephone signaling protocol. With SIP a caller can make a call to a called by mean of a PBX. The latter is RTP, it’s a protocol used by a VoIP bearer which is in charge of audio/video signal transport from caller to called.

2) Test Plant activities:

In this article the author will explain to he radear how to accomplish the installation and configuration of Asterisk, which is one of the most used free PBX. Moreover the author will explain to the reader also how to install and configure free softphones. At the end of this lessons the reader will be able to set up a basic call between two end points.

3) Footprinting, Scanning and Enumeration:

In this article the reader will learn how to look for a target VoIP network and then how to scan (with several techniques) it, in order to find out exploitable devices. Furthermore, the lesson will threat all that activities that should be done in order to discover the different typology of devices belonging to a VoIP network.

4) DoS attacks:

In this article the reader will learn about DoS methods applied to VoIP systems. At the end of the article the reader will know the most used techniques and tools used in order to accomplish these kinds attacks.

5) Flooding attack:

This article is focused on those methods used in order to disturb a VoIP network by mean of a wide number of packets which have the goal to avoid that the targeted network works fine.

6) Telephone Tapping:

This article will explain to the reader how to listen a call between two VoIP end points. This kind of attacks are really important, since by mean of them the privacy of the telephone call could be violated by the attacker.

6) Telephone Tampering:

This article will threat the methods used in order to inject malicious signal into the RTP altering the telephone conversation. The author will show how to accomplish this attack to the reader.

7) Fuzzing:

This article will do an overview about fuzzy techniques used in order to test the robustness of a VoIP network. Some tools will be reported by the author in order to introduce them to the reader.
The previous article titles and their topics here reported could be slightly modified by the author during the eBook.


Visit the original course:

Taking part in the course will get you:

  • More material;
  • Instructor's guidance;
  • Exercises and challenges;
  • Open discussion with the instructor and other students;
  • Certificate of Completion.





July 15, 2019
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013