Testing Phone Systems - "I can come up with something better later"

Presented at CarolinaCon 13 (2017), May 20, 2017, 1 p.m. (60 minutes)

Phone systems have been long forgotten in favor of more modern technology from the legacy that phreakers left us with and they are often neglected. This presentation will cover the types of issues that may be encountered when dealing with phone systems and map them to the relative OWASP category. We'll also cover how to test them, how attackers abuse phone systems and additional methods that can be leveraged in other offensive testing practices.

Presenters:

• Owen / Snide   as Owen (Snide)
  Owen (Snide) has worked in various IT fields from tech support to development. Combining that knowledge he moved into the security field by way of Application Security and now works on an offensive security team. He enjoys both making and breaking, tinkering with various technologies, and has experimented for prolonged periods with PBX's and the obscure side of VoIP.

Links:

• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/Testing Phone Systems - I can come up with something better later - Owen.mp4
• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/Testing Phone Systems - I can come up with something better later - Owen.srt (subtitles)
• https://www.youtube.com/watch?v=5y5guh_dffs

Similar Presentations:

• GrrCON 2018 / Over the Phone Authentication
• REcon 2014 / The Making of the Kosher Phone
• DEF CON 25 (2017) / Phone system testing and other fun tricks