After completing this course you will be able to:
- Create your own custom “K” ISO, operation and configuration, attack scenarios, secrets of password security, list of useful tools and explanations.
- Understanding the Session Initiation Protocol (SIP) and Real Time Protocol (RTP). These are the two main network protocol and they’re used by all VoIP systems.
- Knowing about several VoIP attacks and performing some of that.
What will student need (course requirements, software & hardware)
- Kali Linux Distro
- Ubuntu Server Distro
- ZoIPer softphone
- Basics knowledge of networking and basics of linux
What will you learn in this workshop
Understand the Session Initiation Protocol and Real Time Protocol
- Introducing the Workshop: in this lesson the author will accomplish an easy introduction to the most used VoIP protocols: SIP and RTP. The first one is used in order to set up a call, it’s a telephone signaling protocol. With SIP a caller can make a call to a called by mean of a PBX. The latter is RTP, it’s a protocol used by a VoIP bearer which is in charge of audio/video signal transport from caller to called.
- Introduction to VoIP and its protocols: in this lesson the author will explain to he radear how to accomplish the installation and configuration of Asterisk, which is one of the most used free PBX. Moreover the author will explain to the reader also how to install and configure free softphones. At the end of this lessons the reader will be able to set up a basic call between two end points.
- Test Plant Activities: in this lesson the reader will learn how to look for a target VoIP network and then how to scan (with several techniques) it, in order to find out exploitable devices. Furthermore, the lesson will threat all that activities that should be done in order to discover the different typology of devices belonging to a VoIP network.
- Footprinting, Scanning and Enumeration: in this lesson the reader will learn about DoS methods applied to VoIP systems. At the end of the lesson the reader will know the most used techniques and tools used in order to accomplish these kinds attacks.
- DoS: this lesson is focused on those methods used in order to disturb a VoIP network by mean of a wide number of packets which have the goal to avoid that the targeted network works fine.
- Telephone Tapping: this lesson will explain to the reader how to listen a call between two VoIP end points. This kind of attacks are really important, since by mean of them the privacy of the telephone call could be violated by the attacker.
- Other VoIP Security Threats: this lesson will threat the methods used in order to inject malicious signal into the RTP altering the telephone conversation. The author will show how to accomplish this attack to the reader.
- Hardening VoIP protocols: this lesson will do an overview about fuzzy techniques used in order to test the robustness of a VoIP network. Some tools will be reported by the author in order to introduce them to the reader.
The previous lesson titles and their topics here reported could be slightly modified by the author during the workshop.
Finally, the author discharges each responsability about an inappropriate use of the informations here reported.
Your instructor: Mirko Raimondi
Mirko Raimondi obtained his Master’s degree in Computer Science from the University of Milan – Computer Science Dept. He has been working as a Software Engineer and he has been a CCNA-security in course. He’s interested in VoIP, network security and steganography methods.
SW Engineer at AIM Sportline
Programming: C, C++ and Java;
Networking: TCP, UDP, IP multicasting, IPv4/6, NAT-T, DNS, DHCP, Firewalling, Routing, 802.1q, 802.3, 802.11x;
VoIP: RTP, RTCP, SRTP, RTSP, SIP, de-Jittering, Timing, QoS, CoS;
Audio Codecs: G711, G729, G723, AMR-NB, AMR-WB;
Penetration Testing: WiFi and VoIP infrastuctures;
Linux Systems: Bash, Netfilter/IPtables, RedHat, Kali.