Explore the vulnerabilities and attack vectors in Microsoft Lync (Skype for Business) environments in this Black Hat conference talk. Delve into the security challenges faced by enterprise companies using Lync services for call centers, internal communication, cloud communication, and video conferencing. Learn about the VoIP and instant messaging protocols underlying these services, and the various client types supported. Discover how modern VoIP attacks can exploit weaknesses in Lync platforms, potentially leading to unauthorized access, communication hijacking, and compromised business assets. Examine specific security issues such as open front-end and edge servers, insecure federation design, lack of encryption, and insufficient VoIP attack defenses. Gain insights into how attackers can target enterprise users and employees through client soft phones and handsets. Witness live demonstrations of newly published vulnerabilities and testing modules from the Viproy VoIP kit. Understand the potential consequences of these attacks, including privacy violations, legal issues, call/toll fraud, and intelligence collection.
Overview
Syllabus
VOIP Wars: Destroying Jar Jar Lync
Taught by
Black Hat