Phone system testing and other fun tricks

Presented at DEF CON 25 (2017), July 28, 2017, 3 p.m. (45 minutes)

Phone systems have been long forgotten in favor of more modern technology. The phreakers of the past left us a wealth of information, however while moving forward the environments as a whole have become more complex. As a result they are often forgotten, side tracked or neglected to be thoroughly tested. We’ll cover the VoIP landscape, how to test the various components while focussing on PBX and IVR testing. The security issues that may be encountered are mapped to the relative OWASP category for familiarity. Moving on I’ll demonstrate other fun ways that you can utilize a PBX within your future offensive endeavours.

Presenters:

• Owen / Snide - Hacker   as "Snide" Owen
  "Snide" Owen has worked in various IT fields from tech support to development. Combining that knowledge he moved into the security field by way of Application Security and is now on an offensive security research team. He enjoys both making and breaking, tinkering with various technologies, and has experimented for prolonged periods with PBX's and the obscure side of VoIP.

Links:

• https://defcon.org/html/defcon-25/dc-25-speakers.html#Snide
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - Snide Owen - Phone system testing and other fun tricks.mp4
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - Snide Owen - Phone system testing and other fun tricks.srt (subtitles)
• https://www.youtube.com/watch?v=jt6dpEqsda4

Similar Presentations:

• DEF CON 7 (1999) / Phreaking and PBX tricks
• HushCon East 2019 / Case study in abusing modern VoIP PBX systems
• CarolinaCon 13 (2017) / Testing Phone Systems - "I can come up with something better later"