Voiphreaking: Siphallis Unveiled presented at HITBSecConf Malaysia 2006

by The Grugq,

Tags: Security Analysis Testing

Summary : Presentation Title:Presentation Details:The continued explosive growth of VoIP technology deployment has not been matched by security assessment technology. This talk will present a suite of new tools for VoIP security analysis: the VoIPy toolkit. With the release of the VoIPy tool kit, in particular, SIPhallis, a major barrier to comprehensive effective VoIP penetration testing has been removed. Examining vulnerabilities within the VoIP protocol suite, as well as common deployment problems exploited, this presentation will demonstate the VoIPy tool suite as framework for exploiting these vulnerabilities — ranging from free phone calls, to spoofing caller-id.This presentation will focus on the new SIPhallis VoIP centric penetration tool, designed specifically to foster new and innovative VoIP security attacks. The talk will examine core VoIP vulnerabilities, and how SIPhallis can be used as the primary security assessment tool for a VoIP penetration test.About The GrugqThe Grugq is a domain expert consultant on VoIP security, digital forensic analysis and reverse engineering. The Grugq has spent 7 years working with all aspects of information security, from penetration testing to solutions and product development. The Grugq’s career has seen him working for financials, security consulting companies, start-ups and, most recently, founding his own information security company.The Grugq’s information security expertise ranges from penetration testing and source code auditting, through to rootkit technologies and advanced digital forensic analysis and investigation. Since 2001 the Grugq has been involved in active Voice over IP security research, recently completing successful audits for major European and Asian telcos.The Grugq’s domain expertise in VoIP security has seen him present at conferences, release advisories and complete assessments for national European and major Asian telcos. Additionally, he has developed strategic whitepapers for enterprise VoIP deployments. Based on his experiences with numerous audits, the Grugq has developed a VoIP security assessment tool suite to facilitate more accurate, effective and rapid VoIP centric penetration testing.