Presented at
DEF CON 17 (2009),
Aug. 1, 2009, 3:30 p.m.
(30 minutes).
An important attack vector missing in many penetration testing and attack tools available today is the tried-and-true telephony dial-up. With the recent surge in popularity of VoIP connectivity, accessing such attack vectors has become both cheap and easy. Using the new Metasploit telephony components, users are now able to both scan for and dial up directly to telephony-accessible exploitation targets.
Presenters:
-
I)ruid
I)ruid: Over the years Dustin has been involved with many security community projects such as design and development of Sender Policy Framework (SPF) for e-mail (RFC 4408) and contributing as a core developer for the Metasploit Project. Dustin has also released numerous security tools such as the infamous PageIt! mass-paging application, the hcraft HTTP exploit-crafting framework, and the SteganRTP VoIP steganography tool. He regularly releases vulnerability and exploit advisories, speaks at security related events and conferences, and is on the Technical Advisory Board of the Voice over IP Security Alliance (VoIPSA).
Prior to joining BreakingPoint, Dustin performed VoIP security research for TippingPoint as well as founded the VIPER Lab vulnerability research group at Sipera Systems. Before Sipera, I)ruid was a Security Researcher for Citadel Security Software (acquired by McAfee) responsible for vulnerability analysis, research, and remediation within the scope of the Linux, Solaris, AIX, and HP/UX platforms.
You can find a list of his previous speaking engagements here:
http://www.caughq.org/presentations/
Links:
Similar Presentations: