Hacking PBX and UC Systems: Attack Surface Analysis and Vulnerability Discovery

Explore enterprise communication vulnerabilities in this DEF CON 31 conference talk that examines attack surfaces in PBX and Unified Communications systems. Gain insights into how these critical servers manage internal and external communications through voice, video, conferencing, and messaging functionalities. Dive deep into Java's Runtime.exec(), learn techniques for decrypting encrypted PHP, discover methods for bypassing license restrictions, and understand the process of phone emulation. Follow along as security researchers demonstrate recently discovered vulnerabilities in two major PBX/UC products, ultimately revealing paths to shell access in these enterprise communication brokers.