Explore the vulnerabilities of Cisco hosted VoIP implementations and VoIP clients in this comprehensive Black Hat conference talk. Delve into various attack vectors, including VLAN attacks, SIP trust hacking, Skinny-based signaling attacks, authentication and authorization bypasses, call spoofing, eavesdropping, and client compromising techniques. Learn about 0-day bypass techniques for call spoofing and billing evasion, as well as LAN attacks against supportive services for IP Phones, desktop, and mobile devices. Discover practical 0-day attacks targeting IP Phone management and tenant services, along with vulnerabilities in desktop and mobile clients. Gain insights into the Viproy Penetration Testing Kit, which simplifies Cisco VoIP service attacks with its numerous modules for trust hacking, signaling attacks, unauthorized access, call spoofing, and brute-forcing VoIP accounts. Witness live demonstrations of practical VoIP attacks and the application of new Viproy modules in this eye-opening presentation on VoIP security.
Overview
Syllabus
VoIP Wars: Attack of the Cisco Phones
Taught by
Black Hat