4. Hack4: Attacks on VoIP Infrastructures

Hack4: Attacks on VoIP Infrastructures

Communication using Voice over IP has been common practice for a long time and is found in many business divisions. In addition to traditional telephony, audio and video conferencing, chat functions, softphones, but also, for example, communication via browsers pose current challenges for this kind of communication. This combination of communication options is known as Unified Communication (UC). However, the resulting, partly highly complex UC scenarios are risky and can severely threaten the bordering company infrastructure.

The perspective of an attacker will be adopted during a two-day workshop. The participants will eavesdrop conversations, crack encryption processes, circumvent protection measures, gain access to devices and systems, as well as escalate their privileges. The workshop shall provide a deeper insight into the methods of attackers so that participants can subsequently identify, assess and minimize the risks in their own network. Theoretical concepts will be explained and learned attack vectors tested by means of practical "hands-on" exercises.

Topics

Technical principles

  • Unified Communication and Voice over IP
  • Introduction to the technologies (SIP, RTP, WebRTC, etc.)
  • Terminology and structure
  • Encryption methods

Attack methods

  • Machine-in-the-middle attacks
  • Attacks on authentication procedures
  • Attacks on encryption procedures
  • Auto-deployment and provisioning attacks
  • Attacks on data confidentiality
  • SIP trunking attack
  • Interactive Connectivity Establishment (ICE) attacks
  • Attacks on Session Border Controllers (SBC)

Protection measures 

  • Detection possibilities
  • IT security principles
  • Configuration recommendation 
  • Best practices

Technical requirements

Basic knowledge of network technology

Duration

Three days

Trainings Awe1 "Getting to Know IT Security", Awe2 "Phishing Awareness" and Awe3 "Social Engineering Awareness"

For download in German only

Training 2023

For download in German only

Dates & Registration 2023

For download in German only

Training 2024

For download in German only

Dates & Registration 2024

For download in German only

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

GET IN TOUCH

+49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours

+49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number