[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

TECH TRAINING 4 - Tactical VoIP : Applied VoIPhreaking

Filed under: Main Page — Administrator @ 8:11 pm

April 13, 2006

Title: Tactical VoIP : Applied VoIPhreaking
Trainer: The Grugq (Independent Network Security Researcher)
Capacity: 24 pax
Seats left: CLASS IS CLOSED
Duration: 2 days
Cost: (per pax) RM2800 (early bird) / RM3200 (non early-bird)

Content:

Overview:

This course addresses exploiting VoIP — from end user devices through carrier grade servers — including protocol level attacks, application bugs and common dangerous deployment mistakes. The course provides deep coverage of a broad spectrum of VoIP relevant security threats:

* Hijacking
* Sniffing
* Injecting
* Interdicting
* SPITing

Starting with a bits and bytes analysis of VoIP on the wire and progessing to exploit development, you will constantly be increasing your VoIP security skills. In addition to a thorough theoretical understanding of VoIP security issues, you will directly apply your knowlege in practical VoIP workshops. Each workshop addresses an aspect of VoIP security, further deepening your understanding and completing your skill set.

You will leave with a solid grounding in VoIP security assessment, including methodology, techniques and an advanced toolset to facilitate security auditing. You will also have comprehensive knowlege of the major VoIP protocolsuites, covering signalling, media and PSTN integration. Additionally, you will have exposure to, and training with, the most powerful and flexible VoIP security assessment tool suite available.

The VoIPhreaking tool suite, based on the VoIPy library, provides a flexible framework for VoIP security analysis. Coded by the grugq, this tool suite is specifically developed for VoIP hacking. After learning how to utilize the suite, you will also be able to extend the core suite to develop new and unique exploits and tests specific to your environment or engagement.

Who should attend:

This course is ideal for penetration testers looking to expand their skill set, telecoms engineers and network administrators looking to understand emerging threats, and anyone else interested in VoIP security.



About the trainer:

The Grugq is a domain expert consultant on VoIP security, digital forensic analysis and reverse engineering. The Grugq has spent 7 years working with all aspects of information security, from penetration testing to solutions and product development. The Grugq’s career has seen him working for financials, security consulting companies, start-ups and, most recently, founding his own information security company.

The Grugq’s information security expertise ranges from penetration testing and source code auditting, through to rootkit technologies and advanced digital forensic analysis and investigation. Since 2001 the Grugq has been involved in active Voice over IP security research, recently completing successful audits for major European and Asian telcos.

The Grugq’s domain expertise in VoIP security has seen him present at conferences, release advisories and complete assessments for national European and major Asian telcos. Additionally, he has developed strategic whitepapers for enterprise VoIP deployments. Based on his experiences with numerous audits, the Grugq has developed a VoIP security assessment tool suite to facilitate more accurate, effective and rapid VoIP centric penetration testing.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors


Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner


Internet Bandwidth Sponsor


AIMS - Malaysia's Telecommunications Hub

Official Hotel


Westin Kuala Lumpur

CTF Sponsor


Ascendsys

CTF Prize Sponsor


Scan Associates Berhad.


Our Speakers Are Supported By:


Bellua Asia Pacific


Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


HERT


ISECOM - Insititue for Security and Open Methodologies


IT Underground


Chaos Computer Club (Germany)


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


SyScan


Special Interest Group in Security & Information InteGrity Singapore