Movies are such a convenient way to learn new tricks, so I will keep on adding whenever I find something interesting..

Operated by volunteers there are Honeynets all over the world trying to trap these destructive elements…

Asterisk VoIP Security Webinar

Asterisk Security Webinar

Part 1 of 4

Asterisk Security Webinar

Part 2 of 4

Asterisk Security Webinar

Part 3 of 4

Asterisk Security Webinar

Part 4 of 4

Tricking SIP Endpoints Into Divulging Authentication Credentials

A demonstration of using the VOIPPACK tool sipdigestleak against a SIP phone adapter (VoIP to normal phone). This attack tool works against soft and hardphones which support SIP. The tool is included in the March update of VOIPPACK (available as an addon to CANVAS).

SIP Digest Leak from Sandro Gauci on Vimeo.

SIP Get Ringers

Some SIP phones will simply ring when they receive an INVITE SIP message. However many phones will only ring when the INVITE message contains the extension that the phone is configured to use. This tool identifies how if a phone will ring on any extension, or when no extension is specified, or when a specific extension is given. It will also attempt to find out which extension rings the phone by performing a bruteforce attack. This tool is used together with “Ghost call” to automate the process.

SIP Get Ringers from Sandro Gauci on Vimeo.

Digest Cracker

Demonstrating an offline digest password cracker used with the VOIPPACK addon to recover VoIP passwords.

Digest Cracker from Sandro Gauci on Vimeo.

Automated Asterisk penetration testing using IAX2Autohack

IAX2Autohack is part of EnableSecurity VoIPPack which is an addon for Immunity CANVAS.

IAX2 is the protocol used by Asterisk PBX to communicate with other Asterisk boxes or with IP Phones. This demonstration shows IAX2Autohack in action. What this tool does is automate theprocess of finding Asterisk servers on the network, enumerating all the extensions and performing a bruteforce password attack. This helps identify accounts with weak passwords. After that, the demo shows how to use the extension and password with an IP Phone.

Automated Asterisk penetration testing using IAX2Autohack from Sandro Gauci on Vimeo.

Digium hosts a panel of experts to discuss issues in VoIP security. Join Special Agent Michael McAndrews of the FBI, Dan York of VOIPSA, along with Jared Smith and Tristan Degenhardt from Digium. Discover current trends in VoIP crime, best practices for securing your VoIP network, and in-depth details on Asterisk and Switchvox security.