Francisco (IT Security Engineer, Lexfo)
PRESENTATION TITLE: Owning a Cisco VOIP Environment: Exploiting the Call Manager
PRESENTATION ABSTRACT:
Cisco VOIP environments are widely deployed. In this presentation we will demonstrate how it is possible to take control of an entire Cisco VOIP system by targeting the Call Manager (CUCM, Cisco Unified Communications Manager).
We will discuss the advantages of controlling a Call Manager. It is a central and core component of a VOIP network architecture. Taking control of it allows to perform several attacks. All SCCP traffic is sent to this component which means that, once controlled, it is then possible to modify these packets in order to wiretap the entire VOIP network.
We will present the methodology used to perform that audit, and will demonstrate in details how six different vulnerabilities (including five 0days) can be combined together and exploited to take full control of a Call Manager.
ABOUT FRANCISCO
Francisco is an IT security engineer at Lexfo. He has been working on exploit development, code analysis, and more recently on VOIP systems.
EVENT ORGANIZER
SUPPORTED AND ENDORSED BY
TITANIUM SPONSOR (SPEAKERS RECEPTION + POST CONFERENCE RECEPTION)
GOLD SPONSORS
SILVER SPONSORS
CTF SPONSOR
CTF PRIZE SPONSOR
INTERNET CONNECTIVITY PARTNER
ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)
HackWEEKDAY Official Ride Partner
SUPPORTING MEDIA
FRIENDS OF HITB
