Brute Forcing Interactive Voice Response (IVR) Systems

Presented at DEF CON 19 (2011), Unknown date/time (Unknown duration)

This talk proposes a concept about brute forcing IVR systems using popular VOIP / calling programs. The technique suggested here can be used to brute force DTMF flavored IVRs including those in the banking sector. The proposed concept attempts to integrate the VOIP program's API with existing speech APIs such as Java Speech API or Microsoft Speech SDK and build an automated IVR brute forcer.

Presenters:

• Harish Skanda Sureddy
  Harish Skanda Sureddy is a security researcher primarily focusing on application and mobile security and malware research. He has close to five years of experience and is currently employed with one of the leading consulting firms. He has presented a paper on Web Application Penetration Testing in QAI Summit 2007 in Bangalore, India and is also one of the authors of the OWASP Testing Guide v3.

Links:

• https://defcon.org/html/defcon-19/dc-19-speakers.html#Sureddy

Similar Presentations:

• BruCON 0x09 (2017) / Knock Knock... Who's there? admin admin and get in! An overview of the CMS brute-forcing malware landscape.
• ToorCon: Seattle 2011 / Highly concurrent Python for brute forcing and discovery
• DEF CON 16 (2008) / Buying Time - What is your Data Worth? (A Generalized Solution to Distributed Brute Force Attacks)