| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
I've enumerated your internal network without an exploit. I've called your loved ones and told them you will be late for dinner. I've shut down your call center. I have a copy of your board meeting minutes. Can you hear me now? Often times when conducting a penetration test or vulnerability assessment, VoIP and other ?trusted? infrastructure is an overlooked (but highly effective) method to perform recon, enumeration, persistence, and even can be used as an exfiltration path for attackers. Best of all, most defenders rarely concentrate on the security these devices. Lightweight Linux-flavored legacy kernel builds, hard-coded vendor credentials, various built-in services, and weak (or not utilized) encryption and enterprise-wide provisioning practices make VoIP and associated infrastructure and juicy target in an attack scenario. This talk will cover a few case studies of real world penetration tests and vulnerability assessments where we have leveraged such devices to gain an advantage within the network. Plus, will step through vulnerability research conducted using VoIP phones from multiple vendors and some of the things possible when encountering these devices in the wild. At the end of this talk, the attendee will have a greater understanding of what to look for when on an engagement, both from an offensive and defensive angle; and walk away from the talk ready to target VoIP infrastructure and other embedded devices. Oh yeah, and some cat videos (of course). Brandon McCrillis is Senior Information Security Analyst and Consultant at Rendition InfoSec. A former Network Exploitation operator (ION) and Senior Technical Lead he executed Computer Network Exploitation (CNE) operations to fulfill critical National Level requirements in support of strategic foreign intelligence goals and cyber objectives. Brandon led teams of multi-disciplined cyber operators, conducting more than 10,000 operations globally.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast