ClueCon Weekly is a regular video by the people behind FreeSWITCH and SignalWire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, I hope you enjoy the chat as much as I did!
Summary
Here’s an outline of what went on:
- Introduction about my background in security, telephony and VoIP
- What we do at Enable Security (spoiler: penetration testing)
- How SIPVicious OSS came about and why I created the toolset
- About publishing offensive security tools as open source and the risk of abuse
- Promoted the Awesome Real-time Communications hacking & pentesting resources a bit
- The presentation called SIP Authentication Attacks starts at around 12:00
- Explained how VoIP man-in-the-middle attacks differ from the SIP digest leak attack
- Demonstration of a full SIP digest leak attack starts at around 26:00
- Our toolset, SIPVicious PRO, was used to show the following:
  - First we do a SIP extension enumeration attack
  - Discover an extension that allows incoming calls, extension 2000
  - Start the SIP digest leak attack using SIPVicious PRO and receive the SIP authentication digest
  - This is then passed to John the Ripper, which performs an offline password cracking attack on the digest hash and recovers the original password
- Discussion of solutions to the SIP digest leak vulnerability
- Usage of defensive tools and my thoughts on adding a lot of security solutions on top of existing solutions
Thanks to David Duffet for the opportunity!