Sergey Gordeychik gave a presentation on how to hack telecom networks and stay alive. He discussed that telecom networks have many perimeters including subscribers, partners, offices, and technology networks. He outlined specific attacks such as gaining unauthorized access to subscriber self-service portals or exploiting vulnerabilities in VoIP infrastructure. Gordeychik emphasized that telecom networks are complex with many third-party systems, exotic technologies, and administrative issues that can enable attacks if not properly secured. Forensics after an attack can also be very challenging in these large, dynamic networks.
How to hack a telecom and stay alive
Speaker: Sergey Gordeychik
Penetration testing of telecommunication companies' networks is one of the most complicated and interesting tasks of its kind. Millions of IPs, thousands of nodes, hundreds of web servers and only one spare month. What challenges await an auditor during telecom network testing? What should you pay attention to? How can the working time be used more effectively? Why is the subscriber more dangerous than the hacker? Why is the contractor more dangerous than the subscriber? How do you connect a vulnerability to financial losses? Sergey Gordeychik will cover these questions, along with the most significant and funniest cases from penetration tests of telecommunication networks, in his talk.
This document provides an overview and agenda for a presentation on attacking Cisco VoIP environments. It discusses discovering the VoIP network configuration and gaining access to the voice VLAN. It covers attacking Cisco Unified Communications Manager, SIP services, and Skinny services used for Cisco IP phones. It also addresses vulnerabilities in hosted VoIP services, tenant management portals, and IP phone management services that could allow privilege escalation or unauthorized access. The presentation aims to demonstrate real attacks on these systems using tools like Viproy and Metasploit.
The document discusses using inexpensive prepaid phones to conduct telephony denial-of-service (TDoS) attacks. It describes how the phones can be modified by unlocking their bootloaders and flashing them with custom firmware, allowing them to make thousands of spoofed calls in order to crash a target organization's phone system. The document shows how a kit with multiple modified phones, solar chargers, and other basic equipment could be used to conduct sustained TDoS attacks for around $21.
VOIP2DAY 2015: "WebRTC security concerns, a real problem?" (Quobis)
WebRTC inherits all the threats of traditional VoIP services together with existing web attacks. In this session Antón Román will explain this together with ad-hoc WebRTC attacks and ways to deal with Identity and keep the services secure.
- VoIP attacks: denial of service, fraud, illegal interception, illegal control.
- Ad-hoc WebRTC attacks: malicious HTML code, web servers, forced DoS, cam/mic control, etc.
- Protection: role of border elements (SBC, media gateways, ...), WebRTC portal and web servers, browser mechanisms.
- Identity management: anonymous calls, OpenID and third parties, telco identity, real implementations.
Cesar Cerrudo discovered that traffic control systems using wireless sensors from Sensys Networks were insecure. The sensors had no encryption or authentication, allowing anyone nearby to manipulate traffic patterns. He was able to hack into sensors in multiple countries. Cerrudo showed that low-cost attacks could potentially cause traffic jams or accidents. He warned that critical infrastructure should be properly secured before use.
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis (P1Security)
HLR and HSS are the most important telecom equipment in an operator's core network. We are going to see that this so-called "critical infrastructure" is not as robust as you might think, by exploring some weaknesses of HLR/HSS equipment.
Plan:
* Virtualization of HLR/HSS, for instrumentation purposes
* HLR/HSS system analysis
* SS7/Diameter network fuzzing
* Reverse engineering of HLR/HSS binaries
The Indonesian Community for Hackers and Open Source (ECHO) is a group focused on hacking and open source activities. Founded in 2003, ECHO has 13 staff members and over 11,000 mailing list members. The group publishes newsletters, advisories, and maintains forums to share information about hacking techniques and open source projects.
Presented at Kiwicon II (2008). This talk is the culmination of many years of whispering sweet nothings to phones and as such will focus on the interesting things which can be found on the remote end of phone lines (PABXs, voice mail systems, IVRs).
There will be a discussion of the latest techniques and tools and we will cover examples of what to look for when auditing and hacking phone systems. We'll delve into what can be found hidden in phat corporate number blocks, and touch on topics such as remote eavesdropping and PIN security. There will be a demonstration of what can be gained by harnessing the awesome power of VoIP.
As presented at ITExpo 2017 and the April Peerlyst Tel-Aviv security Meetup.
Can your company afford to ignore VoIP security? With the number of attacks on telephone services and mobile devices, your chance of being attacked, and your financial liability, is at an all-time high. This session offers an introductory primer on securing your VoIP PBX. The talk includes explanations of common attacks, how attackers can find you, and common techniques you can use to defend your company.
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version), by Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a. Skype for Business 2015) services as their call centre, internal communication, cloud communication and video conference platform. These services are based on VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Official clients are also available for mobile devices (e.g. Windows Phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with the .NET framework. Although the Microsoft Lync platform has been developed alongside new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used against Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync front-end and edge servers, insecure federation security design, lack of encryption, insufficient defence against VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. Enterprise users and employees are also the next-generation targets for these attackers, who can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
This document provides an overview of distributed denial of service (DDoS) attacks, including how they work, common techniques used, and strategies for mitigating them. It defines DDoS attacks as attempts to exhaust the resources of networks, applications, or services to deny access to legitimate users. The document discusses how botnets are commonly used to launch large-scale DDoS attacks from multiple sources simultaneously. It also outlines best practices for selecting DDoS protection devices, emphasizing the importance of up-to-date detection techniques, low latency, and customized hardware-based logic to withstand major attacks.
Rainer Baeder. Sophisticated targeted and persistent threats (TEO LT, AB)
How to protect against them? How are computer security systems and user reputation related?
Author of the presentation: Rainer Baeder, head of the Fortinet solutions consulting centre (Germany).
The presentation was given at the conference INFORMACINIŲ SISTEMŲ SAUGUMAS (Information Systems Security), held on 11 April 2013, for state institutions and organisations of national importance.
This document discusses security vulnerabilities in hosted VoIP environments. It summarizes techniques for attacking Cisco phones and VoIP infrastructure, including spoofing caller ID, manipulating SIP trust relationships, and escalating privileges on Cisco Unified Communications Manager and VOSS Domain Manager services. The document outlines methods for gaining persistent access to networks and manipulating call forwarding, speed dials and other phone settings.
Critical vulnerabilities in popular 3G and 4G modems, or how to build... (Positive Hack Days)
The document describes how to build surveillance capabilities ("Big Brother") using vulnerabilities in internet-connected devices. It details steps like identifying devices using techniques like WHOIS lookups and fingerprinting, injecting code by exploiting firmware vulnerabilities or uploading modified firmware, intercepting data in transit, cloning SIM cards, infecting device operating systems, and creating advanced persistent threats between compromised devices. It provides examples of exploited vulnerabilities and references other researchers in the area. The goal is mass surveillance of users, with acknowledgment that many are unaware of the privacy and security risks.
The SIP Threat Management (STM) device released by ALLO.COM is installed in front of any SIP-based PBX system or VoIP gateway and offers extra layers of security against numerous types of attacks targeted at IP telephony infrastructure. The features offered by the STM complement those of a traditional firewall or UTM, and it can be installed in conjunction with a UTM.
Instead of losing thousands of dollars as the victim of VoIP attacks, invest in a $300 ALLO STM, which is plug and play.
Investing in an STM to protect your communications network is a must.
This document provides an overview of network troubleshooting techniques and tools. It discusses focusing on understanding basics and standard troubleshooting tools like ping first before trying more advanced methods. Documentation of network configurations, changes, and issues is emphasized. A variety of Linux command line tools are also introduced for examining network connectivity and performance issues like netstat, ifconfig, route, traceroute, and packet capture tools.
This is my Athcon 2013 slide set. I also demonstrated attacking mobile applications via SIP trust, scanning via SIP proxies and MITM fuzzing in a live demo.
This document discusses security issues and solutions related to Voice over IP (VoIP) systems. It begins with an introduction to VoIP and how it works, describing the protocols used including SIP, H.323, MGCP and RTP. It then outlines various security attacks on VoIP systems such as eavesdropping, denial of service attacks, and masquerading. Finally, it discusses approaches to enhancing VoIP security, including using encryption, firewalls, authentication, and secure protocols like SRTP.
1. The document discusses common attacks on local area networks (LANs), including spoofing, man-in-the-middle attacks, sniffing, TCP/IP session hijacking, remote code execution, and denial-of-service attacks.
2. It describes how each attack works and provides examples of how it could be carried out on a LAN. Specific techniques mentioned include ARP cache poisoning, IP spoofing, DHCP spoofing, switch port stealing, and buffer overflows.
3. The document recommends defenses against these attacks such as using switches instead of hubs, static ARP entries, port security, VLAN segmentation, encryption, firewalls, patching, and monitoring tools. Regular auditing and updating systems is
XO Hosted Security Product Overview v.21 (Pasquale Tursi)
This document provides an overview of XO Communications' Hosted Security product. It is a cloud-based network security solution that fully manages and integrates solutions like next-generation firewalls, intrusion detection and prevention, web filtering, secure remote access, and a secure VPN. It allows customers to gain robust security protection without making capital expenditures or increasing staff. The solution is hosted on XO's network and provides high availability, scalability, and centralized management through an online customer portal.
Hacking Trust Relationships Between SIP Gateways, by Fatih Ozavci
This document describes how to hack the trust relationships between SIP proxies by spoofing SIP INVITE requests. It involves sending IP spoofed INVITEs from a trusted operator's network to detect the IP address and port of another operator's SIP trunk, which accepts calls without authentication. A template INVITE is prepared and looped through possible IP/port combinations. If a call is received, the spoofed SIP trunk details have been discovered and can be used to initiate fake calls.
This document discusses state-actor surveillance techniques including hardware bugs, software exploits, and compromising cellular and WiFi networks. It describes various surveillance device codenames like "RAGEMASTER" and "HOWLERMONKEY" and explains how hardware can be implanted or firmware hacked to enable persistent surveillance. The document advocates for detection of these devices and urges caution but also skepticism of conspiracy theories without evidence. It provides sources for further reading on technical surveillance techniques.
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence, by Fatih Ozavci
Enterprise companies are using consumer and IoT devices to complete (or expand) their services such as broadband, IPTV, media streaming, satellite, voice and 3G/4G services. Although the devices are owned by the service providers, subscribers have limited (or full) access to them under service agreements. In addition, some consumer devices also have roles in corporate communications, environment security or employee services. Consumer devices are located at subscriber premises; therefore, the traditional security testing approach only covers the security of backend services, not the devices.
Consumer and IoT devices are susceptible to hardware hacking based attacks such as firmware dumping, re-flashing with custom firmware, and obtaining low-level access through physical management interfaces such as SPI, JTAG and UART. The low-level access obtained can be used to modify device behaviours or their initial states. This helps attackers to debug consumer devices and operator services, to find new vulnerabilities, and to obtain the device configuration, which may contain credentials for the service infrastructure.
Embedded device and hardware hacking is a rising skill set for penetration testers. It is required to understand targeted attacks, which may include hardware implants, modified hardware attacking its own infrastructure, or compromised devices that target the human factor. Some of the advanced testing examples to be discussed are preparing custom hardware for persistent access during a red teaming exercise, preparing a compromised consumer device for human factor pen-testing, attacking a provider's TR-069 services using smart home modems, or altering the security controls of a device to abuse the service.
The presentation focuses on how existing security testing techniques should evolve with hardware and IoT hacking, and how service providers can secure their infrastructure against cutting-edge attacks. Essential hardware hacking information, identifying and using physical management interfaces, the hardware hacking toolset, well-known hardware attacks and the hardware testing procedure will be presented as a road map for consumer device security testing. A security testing approach will also be explained for developing new security testing services and improving existing ones such as red teaming, human factor pen-testing and infrastructure pen-testing.
This module covers Trojans and backdoors. It begins with an introduction to Trojans, describing them as small programs that run hidden on infected computers and allow attackers access. It then discusses overt and covert channels, the different types of Trojans including remote access and data-sending Trojans, and how Trojans can get into systems. The document provides indications of Trojan attacks, popular Trojans found in the wild like Tini and NetBus, and tools used to send Trojans like wrappers and packaging tools. It also discusses techniques like ICMP tunneling, HTTP Trojans, and reverse connecting Trojans. Finally, it discusses tools for detecting and preventing Trojan infections.
This document provides an overview of botnets and tools for their detection. It discusses what botnets are, their life cycle, common botnets like SDBot and Agobot, and how they are used. It also outlines techniques for botnet detection including analyzing network infrastructure and logs, using intrusion detection systems, deploying honeypots and darknets, and forensic analysis. The document specifically describes the Ourmon tool for anomaly detection based on TCP and UDP traffic analysis.
Wireless networks are vulnerable to attacks if not properly secured. The document provides guidance on securing wireless networks through steps like enabling WPA2 encryption, changing default passwords, disabling unneeded services, updating firmware, using firewalls and intrusion detection. It emphasizes implementing a layered security approach using policies, procedures, logging, monitoring and educating users to protect wireless networks and the overall infrastructure.
A firewall controls and monitors incoming and outgoing network traffic according to predetermined security rules. It is essentially a barrier or shield that protects your PC, phone or tablet from the malware that exists in abundance on the internet.
Sergey Gordeychik - How to hack a telecom and stay alive (DefconRussia)
Hacking telecommunication companies presents unique challenges and opportunities for attackers. Some key points include:
- Telecom networks are large with many interconnected systems and perimeters owned by third parties.
- Attacks can target subscribers by exploiting weaknesses in broadband access, mobile networks, or subscriber-facing web portals.
- Network infrastructure and subscriber equipment often have vulnerabilities like default credentials, outdated software or misconfigurations.
- Less traditional systems like VOIP gateways, wireless access points or control systems may be overlooked but contain vulnerabilities.
- Partner resources and systems are sometimes co-located with the telecom's own infrastructure, providing a path into the network.
How to hack a telecommunication company and stay alive. Sergey Gordeychik (Positive Hack Days)
Sergey Gordeychik discussed how to hack telecommunication companies while avoiding illegal activity. He explained that telecom networks have many perimeters, partners, contractors, and technology that could be vulnerable. Specific risks included attacks against subscribers by guessing passwords, malware, or fraud. Pentesters should thoroughly examine the network for any overlooked systems or misconfigurations while respecting all laws and client approvals. Forensics after an incident would also be very challenging in large telecom networks with many access points.
Presented at Kiwicon II (2008) This talk is the culmination of many years of whispering sweet nothings to phones and as such will focus on the interesting things which can be found on the remote end of phone lines (PaBX\'s, Voice Mail Systems, IVR\'s).
There will be a discussion of the latest techniques and tools and we will cover examples of what to look for when auditing and hacking phone systems. We\'ll delve into what can be found hidden in phat corporate number blocks, and touch on topics such as remote evesdropping and pin security. There will be demonstration of what can be gained by harnessing the awesome power of VoIP.
As presented at ITExpo 2017 and the April Peerlyst Tel-Aviv security Meetup.
Can your company afford to ignore VoIP security? With the number of attacks on your telephone services and mobile devices your chance of being attacked and financial liability is at an all time high. This session offers an introductory primer to securing your VoIP PBX. This talk will include explanations about common attacks, how they can find you, and common techniques you can use to defend your company.
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
This document provides an overview of distributed denial of service (DDoS) attacks, including how they work, common techniques used, and strategies for mitigating them. It defines DDoS attacks as attempts to exhaust the resources of networks, applications, or services to deny access to legitimate users. The document discusses how botnets are commonly used to launch large-scale DDoS attacks from multiple sources simultaneously. It also outlines best practices for selecting DDoS protection devices, emphasizing the importance of up-to-date detection techniques, low latency, and customized hardware-based logic to withstand major attacks.
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsTEO LT, AB
Kaip nuo jų apsisaugoti? Kaip susijusios kompiuterių apsaugos sistemos ir vartotojų reputacija?
Pranešimo autorius – Rainer Baeder. Įmonės „Fortinet“ sprendimų konsultacijų centro vadovas (Vokietija).
Pranešimas skaitytas konferencijoje – INFORMACINIŲ SISTEMŲ SAUGUMAS, vykusioje 2013 m. balandžio 11d., skirtoje valstybės institucijų ir valstybinės reikšmės organizacijoms.
This document discusses security vulnerabilities in hosted VoIP environments. It summarizes techniques for attacking Cisco phones and VoIP infrastructure, including spoofing caller ID, manipulating SIP trust relationships, and escalating privileges on Cisco Unified Communications Manager and VOSS Domain Manager services. The document outlines methods for gaining persistent access to networks and manipulating call forwarding, speed dials and other phone settings.
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Positive Hack Days
The document describes how to build surveillance capabilities ("Big Brother") using vulnerabilities in internet-connected devices. It details steps like identifying devices using techniques like WHOIS lookups and fingerprinting, injecting code by exploiting firmware vulnerabilities or uploading modified firmware, intercepting data in transit, cloning SIM cards, infecting device operating systems, and creating advanced persistent threats between compromised devices. It provides examples of exploited vulnerabilities and references other researchers in the area. The goal is mass surveillance of users, with acknowledgment that many are unaware of the privacy and security risks.
SIP Threat Management device which is released by ALLO.COM is installed in front of any SIP based PBX system or VOIP gateway and offers extra layers of security against numerous types of attacks that are targeted towards IP telephony infrastructure. The features offered by the STM complement those of a traditional firewall or UTM, and it can be installed in conjunction with a UTM.
Instead of losing thousands of dollars due to the victim of VOIP attacks, invest on 300$ worth of ALLO STM, which is plug & play.
Investing in an STM to protect your communications network is a must.
This document provides an overview of network troubleshooting techniques and tools. It discusses focusing on understanding basics and standard troubleshooting tools like ping first before trying more advanced methods. Documentation of network configurations, changes, and issues is emphasized. A variety of Linux command line tools are also introduced for examining network connectivity and performance issues like netstat, ifconfig, route, traceroute, and packet capture tools.
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
This document discusses security issues and solutions related to Voice over IP (VoIP) systems. It begins with an introduction to VoIP and how it works, describing the protocols used including SIP, H.323, MGCP and RTP. It then outlines various security attacks on VoIP systems such as eavesdropping, denial of service attacks, and masquerading. Finally, it discusses approaches to enhancing VoIP security, including using encryption, firewalls, authentication, and secure protocols like SRTP.
1. The document discusses common attacks on local area networks (LANs), including spoofing, man-in-the-middle attacks, sniffing, TCP/IP session hijacking, remote code execution, and denial-of-service attacks.
2. It describes how each attack works and provides examples of how it could be carried out on a LAN. Specific techniques mentioned include ARP cache poisoning, IP spoofing, DHCP spoofing, switch port stealing, and buffer overflows.
3. The document recommends defenses against these attacks such as using switches instead of hubs, static ARP entries, port security, VLAN segmentation, encryption, firewalls, patching, and monitoring tools. Regular auditing and updating systems is
XO Hosted Security Product Overview (Pasquale Tursi)
This document provides an overview of XO Communications' Hosted Security product. It is a cloud-based network security solution that fully manages and integrates solutions like next-generation firewalls, intrusion detection and prevention, web filtering, secure remote access, and a secure VPN. It allows customers to gain robust security protection without making capital expenditures or increasing staff. The solution is hosted on XO's network and provides high availability, scalability, and centralized management through an online customer portal.
Hacking Trust Relationships Between SIP Gateways (Fatih Ozavci)
This document describes how to hack the trust relationships between SIP proxies by spoofing SIP INVITE requests. It involves sending IP spoofed INVITEs from a trusted operator's network to detect the IP address and port of another operator's SIP trunk, which accepts calls without authentication. A template INVITE is prepared and looped through possible IP/port combinations. If a call is received, the spoofed SIP trunk details have been discovered and can be used to initiate fake calls.
This document discusses state-actor surveillance techniques including hardware bugs, software exploits, and compromising cellular and WiFi networks. It describes various surveillance device codenames like "RAGEMASTER" and "HOWLERMONKEY" and explains how hardware can be implanted or firmware hacked to enable persistent surveillance. The document advocates for detection of these devices and urges caution but also skepticism of conspiracy theories without evidence. It provides sources for further reading on technical surveillance techniques.
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence (Fatih Ozavci)
Enterprise companies use consumer and IoT devices to deliver (or expand) services such as broadband, IPTV, media streaming, satellite, voice and 3G/4G. Although the devices are owned by the service providers, subscribers have limited (or full) access to them under their service agreements. Some consumer devices also play roles in corporate communications, environment security or employee services. Consumer devices sit at subscriber premises; therefore the traditional security testing approach covers only backend service security, not the devices themselves.
Consumer and IoT devices are susceptible to hardware-hacking attacks such as firmware dumping, re-flashing with custom firmware, and gaining low-level access through physical management interfaces such as SPI, JTAG and UART. That low-level access can be used to modify device behaviour or initial state. It helps attackers debug consumer devices and operator services, find new vulnerabilities, and obtain the device configuration, which may contain credentials for the service infrastructure.
Embedded device and hardware hacking is a rising skill set for penetration testers. It is required to understand targeted attacks that may include hardware implants, modified hardware attacking its own infrastructure, or compromised devices that target the human factor. Advanced testing examples to be discussed include preparing custom hardware for persistent access during a red-teaming exercise, preparing a compromised consumer device for human-factor pen-testing, attacking a provider's TR-069 services using smart home modems, and altering a device's security controls to abuse the service.
The presentation focuses on how existing security testing techniques should evolve with hardware and IoT hacking, and how service providers can secure their infrastructure against cutting-edge attacks. Essential hardware hacking information, identifying and using physical management interfaces, the hardware hacking toolset, well-known hardware attacks and a hardware testing procedure will be presented as a road map for consumer device security testing. A security testing approach will also be explained for developing new security testing services and improving existing ones such as red teaming, human-factor pen-testing and infrastructure pen-testing.
This module covers Trojans and backdoors. It begins with an introduction to Trojans, describing them as small programs that run hidden on infected computers and allow attackers access. It then discusses overt and covert channels, the different types of Trojans including remote access and data-sending Trojans, and how Trojans can get into systems. The document provides indications of Trojan attacks, popular Trojans found in the wild like Tini and NetBus, and tools used to send Trojans like wrappers and packaging tools. It also discusses techniques like ICMP tunneling, HTTP Trojans, and reverse connecting Trojans. Finally, it discusses tools for detecting and preventing Trojan infections.
This document provides an overview of botnets and tools for their detection. It discusses what botnets are, their life cycle, common botnets like SDBot and Agobot, and how they are used. It also outlines techniques for botnet detection including analyzing network infrastructure and logs, using intrusion detection systems, deploying honeypots and darknets, and forensic analysis. The document specifically describes the Ourmon tool for anomaly detection based on TCP and UDP traffic analysis.
Wireless networks are vulnerable to attacks if not properly secured. The document provides guidance on securing wireless networks through steps like enabling WPA2 encryption, changing default passwords, disabling unneeded services, updating firmware, using firewalls and intrusion detection. It emphasizes implementing a layered security approach using policies, procedures, logging, monitoring and educating users to protect wireless networks and the overall infrastructure.
A firewall controls and monitors incoming and outgoing network traffic according to predetermined security rules. It is a barrier or shield that protects your PC, phone or tablet from the malware that exists in abundance on the internet.
Sergey Gordeychik - How to hack a telecom and stay alive (DefconRussia)
Hacking telecommunication companies presents unique challenges and opportunities for attackers. Some key points include:
- Telecom networks are large with many interconnected systems and perimeters owned by third parties.
- Attacks can target subscribers by exploiting weaknesses in broadband access, mobile networks, or subscriber-facing web portals.
- Network infrastructure and subscriber equipment often have vulnerabilities like default credentials, outdated software or misconfigurations.
- Less traditional systems like VOIP gateways, wireless access points or control systems may be overlooked but contain vulnerabilities.
- Partner resources and systems are sometimes co-located with the telecom's own infrastructure, providing a path into the network.
How to hack a telecommunication company and stay alive. Sergey Gordeychik (Positive Hack Days)
Sergey Gordeychik discussed how to hack telecommunication companies while avoiding illegal activity. He explained that telecom networks have many perimeters, partners, contractors, and technology that could be vulnerable. Specific risks included attacks against subscribers by guessing passwords, malware, or fraud. Pentesters should thoroughly examine the network for any overlooked systems or misconfigurations while respecting all laws and client approvals. Forensics after an incident would also be very challenging in large telecom networks with many access points.
WebRTC introduces new security considerations for real-time communications. The document discusses various VoIP attacks that could impact WebRTC like denial of service, fraud, and illegal interception. It also examines vulnerabilities from accessing devices, signaling sent in plain text, and cross protocol attacks. The presentation recommends using TLS for signaling, getting user permission for devices, DTLS-SRTP for media encryption, and identity management through providers. Integrating WebRTC with IMS can leverage the authentication of IMS subscriptions for web credentials.
This document summarizes a presentation about network traffic monitoring and analysis. It discusses traditional monitoring tools like SNMP and newer tools that provide deeper traffic visibility. It explains how flow monitoring works and standards like NetFlow. The presentation also demonstrates how tools can analyze flow data to detect security issues, troubleshoot problems, and capture packets for forensic analysis. Real examples are shown of using these techniques to identify a malware infection and resolve a email delivery problem.
The document discusses cybersecurity issues related to IoT devices. It begins by describing the 2016 Mirai botnet attacks, which exploited vulnerabilities in IoT devices like IP cameras and DVRs to take down major websites. The document then analyzes the current security situations of IoT, finding that many devices have vulnerabilities due to a lack of focus on security by manufacturers. It also notes that IoT devices could potentially be used as "weapons of mass destruction" due to their ubiquity, connectivity and potential access to users' daily lives. The rest of the document examines common vulnerabilities and attack vectors in IoT devices.
Computer Network Case Study - bajju.pptx (ShivamBajaj36)
This document discusses various computer network attacks and vulnerabilities. It covers topics like ransomware, IoT attacks, social engineering, man-in-the-middle attacks, denial of service attacks, distributed denial of service attacks, SQL injection, SSL stripping, URL misinterpretation, directory browsing, input validation vulnerabilities, and vulnerabilities in each layer of the OSI model. The goal is to provide an overview of common network attacks and how they can be carried out.
From the Internet of Things to Intelligent Systems: A Developer's Primer (Rick G. Garibay)
This document provides an overview of moving from traditional Internet of Things (IoT) connectivity models to more intelligent systems using service-assisted communications. It discusses challenges with default connectivity models that rely on giving devices IP addresses and VPN access. It then introduces on-premise brokered models using message protocols like MQTT to address some challenges but still have issues at scale. Finally, it presents service-assisted communications as a better approach where devices connect outbound to a cloud gateway via open protocols and each has a dedicated inbox and outbox to receive commands and send data securely without inbound open ports. This minimizes attack surfaces and provides efficient management of large numbers of devices.
This document discusses various types of network security attacks and methods to prevent them. It covers physical access attacks, social engineering attacks, penetration attacks like scanning and malware. It also discusses attacks on the OSI and TCP/IP models like at the session, transport and network layers. Prevention methods covered include firewalls, proxies, IPSec, security policies and hardening hosts. Specific switch and router vulnerabilities are examined like ARP poisoning, SNMP, spanning tree attacks. Countermeasures for switches include BPDU guard, root guard.
Eradicate the Bots in the Belfry - Information Security Summit (Eric Vanderburg)
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "Eradicate the Bots in the Belfry" at the Information Security Summit.
Network security is important to protect systems from attacks. Firewalls act as the first line of defense, blocking unauthorized incoming and outgoing network traffic based on security rules. Different types of firewalls operate at different layers of the OSI model and provide varying levels of security. No single security measure can guarantee protection, so a defense-in-depth approach using firewalls along with other tools like intrusion detection systems is recommended.
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit... (Eric Vanderburg)
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "The Bot Stops Here: Removing the BotNet Threat" at the Public and Higher Ed Security Summit.
The document summarizes a presentation on network security and Linux security. The presentation covered introduction to security, computer security, and network security. It discussed why security is needed, who is vulnerable, common security attacks like dictionary attacks, denial of service attacks, TCP attacks, and packet sniffing. It also covered Linux security topics like securing the Linux kernel, file and filesystem permissions, password security, and network security using firewalls, IPSEC, and intrusion detection systems. The presentation concluded with a reference to an ID-CERT cybercrime report and a call for questions.
Mobile computing involves using portable devices to access applications and information over wireless networks. While mobility provides advantages, it also introduces security threats. Specific attacks that target mobile devices include packet sniffers, denial of service attacks, man-in-the-middle attacks, viruses, trojans, and worms. As mobile networks and usage grow more sophisticated, security risks increase from network attacks, more advanced threats, and a lack of training and awareness. Strong defenses are still limited, but future improvements could include traceback messages, enhanced congestion control, and new encryption protocols.
How Cyberflow Analytics have used KeyLines’ network visualization functionality to develop the next generation of cyber security analytics platform – built for the scope and scale of the Internet of Things.
Invited lecture, 2nd Annual Scientific Symposium of the Students of Information and Communication Systems Department, University of the Aegean, Samos, Greece, November 2007
Talk by Santiago Troncoso at the latest edition of VoIP2DAY, in which he explains how WebRTC inherits all the threats of traditional VoIP services together with the existing web attacks, and gives some keys to keeping the services secure.
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi (Shah Sheikh)
Anonymization techniques are a double-edged sword: journalists can use them to communicate more safely with whistleblowers, and malicious users can use them to commit cyber-crimes without getting caught, but neither party is actually anonymous or safe from exposure. In the presentation Mohamed discussed a tool he developed, "dynamicDetect", that de-anonymizes Tor clients and browsers by extracting the user's original IP address and fingerprint. The tool then uses this information as a launchpad for defensive and offensive actions against that Tor user.
An approach to mitigate DDoS attacks on SIP.pptx (amalouwarda1)
This document proposes an approach to mitigate distributed denial of service (DDoS) attacks on voice over internet protocol (VoIP) systems. It discusses common VoIP attacks like eavesdropping, reconnaissance, and DDoS attacks. The proposed system would use Suricata as an intrusion detection and prevention system to analyze VoIP traffic, detect attacks, and trigger mitigation responses. It recommends configuring call limits, updating device firmware, and using a buffer server to filter traffic as countermeasures against DDoS attacks on SIP-based VoIP networks.
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar... (Rick G. Garibay)
This document provides an overview of the Internet of Things (IoT) and intelligent systems for developers. It discusses key concepts like IoT connectivity models, common IoT protocols, challenges of IoT implementation, and reference architectures for building an IoT platform using cloud services. The document also presents examples and demos of using services like Azure Service Bus for brokered IoT device communications and command routing.
1. How to Hack a Telecom and Stay Alive
Sergey Gordeychik
CTO, Positive Technologies
2. Sergey Gordeychik, Positive Technologies, CTO
A "script writer" and a "director" of the Positive Hack Days forum
Science editor of the SecurityLab.Ru portal
Author of the Web Application Security course, and of the book Wireless Network Security and its namesake course
A participant of WASC, RISSPA
http://sgordey.blogspot.com
3. What Is It All About?
What is so peculiar about telecoms?
Attacks against subscribers / Attacks by subscribers
Perimeter… Just a perimeter
Partners and contractors
Technology networks
5. Specific Features of Telecommunication Companies
Large, large networks
Unification of various services (broadband access, Wi-Fi, hosting, mobile communication)
Great number of applications and systems on the perimeter
Exotics inside and outside
Lots of perimeters
Most networks belong to third parties
Forensics nightmare
6. How many perimeters do telecoms have?
Internet
Subscribers
Partners
Office
Technology network
7. …and a bit more…
Mobile communications
Broadband access
Technological network
Wired broadband access
Wireless broadband access
VoIP
Hosting
Internet TV
...
8. …and a bit more…
(Map: Vladivostok, Moscow, Roma, Phnom Penh)
11. Broadband Access
Huge non-segmented networks
Great number of end devices:
• Various SOHO devices
• Installed and unattended
• Standard configurations, standard bugs
A manual on the insecurity of network appliances
SNMP/Telnet/HTTP/UPnP control protocols exposed to the Internet
Insecure/empty passwords
Web attacks on the client’s side (pinning, CSRF)
Huge number of users
• 1 out of 1000, for 10 000 000 = 10 000
• Trivial passwords
12. Broadband Access. Attack
Collecting information
• Network scanning
• Access layer error (BRAS)
• Collecting information from internal forums and other resources
• Self-service platform errors: “Invalid login or password” vs “Invalid username”
Preparing scenarios
• Capturing devices
• Guessing passwords
$profit$
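The “Invalid login or password” vs “Invalid username” item above is a username-enumeration flaw: the portal's two failure messages tell a password-guessing attacker which accounts exist. The following added example (not code from the talk or from any real self-service platform; the user store, salt and passwords are constructed) shows the leaky handler next to a uniform one, plus the self-check a portal owner can run against their own login endpoint:

```python
import hashlib
import hmac

# Constructed sample user store for the example: username -> (salt, PBKDF2 hash).
# The credentials are made up; a real self-service portal would keep these in its DB.
_SALT = b"constructed-salt-value"


def _hash(salt: bytes, password: str) -> bytes:
    # Iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 20_000)


USERS = {
    "alice": (_SALT, _hash(_SALT, "correct horse battery")),
}

# Hash of a password nobody has, so the "unknown user" path costs the same
# as the "known user, wrong password" path.
_DUMMY_HASH = _hash(_SALT, "not-a-real-password")


def login_leaky(username: str, password: str) -> str:
    """The self-service platform error from slide 12: the two failure cases
    return different messages, so an attacker can confirm which usernames exist
    before spending any effort on guessing passwords."""
    record = USERS.get(username)
    if record is None:
        return "Invalid username"           # reveals that the user does not exist
    salt, stored = record
    if _hash(salt, password) != stored:
        return "Invalid login or password"  # reveals that the user does exist
    return "OK"


def login_uniform(username: str, password: str) -> str:
    """Hardened form: one message for every failure, and the password hash is
    always computed and compared in constant time, so neither the text nor the
    response time says whether the username was valid."""
    salt, stored = USERS.get(username, (_SALT, _DUMMY_HASH))
    candidate = _hash(salt, password)
    match = hmac.compare_digest(candidate, stored)
    if match and username in USERS:
        return "OK"
    return "Invalid login or password"


def leaks_user_existence(login_fn) -> bool:
    """Self-check for a login handler: a wrong password for a known user and
    for an unknown user must produce the same message. True means it leaks."""
    return login_fn("alice", "wrong-password") != login_fn("nobody", "wrong-password")
```

The check only compares message text; a complete review of a real portal also compares response times and any differing HTTP status codes, redirects or “forgot password” behaviour, which leak the same information.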
15. Examples of Risks
Gaining access to a self-service portal
• Cashout
  guessing the password or stealing the router cfg files (vpn/pppoe)
  transferring money from a broadband access account to a cell phone (integration!)
• Cashing out via PRS
  It drives me NUTS!!!
  guessing the password or stealing the router cfg files (vpn/pppoe)
  purchasing until the available balance = 0
Performing a mass hacking of a router/PC
Performing a mass changing of configurations
16. Attacks against Clients of Mobile Networks
Faking Caller ID
• self-service portal/USSD
• voice mailbox
• cash-out via PRS
• direct money withdrawal
(Diagram labels: Internet, SIP-GW, FAKE ID, SS7, GSM, target, tech systems, unauthorized access)
17. Attacks against Clients of Mobile Networks
Malware for mobile devices
Intercepting GSM: not magic, just ROCKET SCIENCE!
• attacking A5/1
• MITM, switch to A5/0
• downgrading UMTS -> GSM
Traffic, SMS, one-time passwords...
• Self-service portals/USSD
• Cash-out via PRS
• Voice mailbox
18. Hosting
Local network for collocated/dedicated servers
• Attacks at the network/data link layer, attacks against network infrastructure
• ARP spoofing, IP spoofing… old school
• Intrasegment IPv6 attacks
Attack against infrastructure (DNS…)
Shared hosting (once having intruded into one of the sites…)
20. Pentester Tips & Tricks
We are only searching for vulnerabilities
We use only our own resources for demonstration
We avoid information protected by the law
A fickle client…
C: Prove it! Enter the portal!
P: No, thank you. Here is a password – enter it yourself…
22. Why Subscribers? AGAIN?
Subscribers are WITHIN one of the perimeters
Many attacks are easier if performed on the subscriber’s side
The number of subscribers of modern telecoms is quite large
23. General Problems
Network access control weakness
Intrasegment attacks
Protection of the end equipment
Web applications for subscribers
24. Network Access Control Errors
A direct way does not always mean the most interesting one :)
C:\>tracert -d www.ru
Tracing route to www.ru [194.87.0.50] over a maximum of 30 hops:
1 * * * Request timed out.
3 10 ms 13 ms 5 ms 192.168.5.4
4 7 ms 6 ms 5 ms 192.168.4.6
25. Per Aspera Ad…level 15
#sh run
Using 10994 out of 155640 bytes
!
version 12.3
...
!
username test1 password 7 <removed>
username antipov password 7 <removed>
username gordey password 7 <removed>
username anisimov password 7 <removed>
username petkov password 7 <removed>
username mitnik password 7 <removed>
username jeremiah password 7 <removed>
26. Network Access Control Errors
GPRS/EDGE/3G, which traditionally sit behind NAT
Other clients are “invisible”
This is not always true…
GPRS: payment kiosks, ATMs, etc., which can have:
• a missing firewall;
• missing updates;
• misconfigurations.
30. Web Portals and Services for Subscribers
Quite a few resources
• forums, dating sites, video converters, online games, statistics, online shopping, photo hosting, file hosting, online radio…
Quite a few loopholes
• Old versions of applications and CMS, SQLi, LFI and so on…
Single Sign-On or the same passwords…
Often placed into the DMZ together with “ordinary” servers
31. Web Portals and Servers for Subscribers
Games server*
Proxima CMS, path traversal + SQLi + configuration error = root
About 20 more sites on the host
• Online broadcasting
• Branded desktop applications
•…
32. Pentester Tips & Tricks
Resources on the subscriber networks are often the SUBSCRIBER’s resources
Get approvals for every step of your work
Many systems operate on a wing and a prayer
They collapse all the time, but if you are online anyway…
Avoid (!) information protected by the law
A fickle client…
34. Perimeter?
Large, large networks!
• Use clouds
Great number of “third-party” resources
Get ready for rarities
Corporate web applications
The Lord of The Net
35. Great Number of Third-Party Resources
Quite a large number of perimeter hosts belong to partners/subscribers
Quite often these hosts are “mixed” with those of the client
Yet, they should not be disregarded
• Imagine that you are already level 15/root/admin on the host and you have just entered the segment
36. Great Number of Third-Party Resources
SQLi on the mobile content portal (Oracle, sys)
“private” at the VoIP gateway
Maintained by partners
No hacking
Actually located in a flat DMZ together with the client’s servers
Enabling the billing Front-End
37. Rarities
So many different things can be found on the perimeter
• Technology “hardware”
• VoIP
• Old-school firewalls
• Web cameras
• Unusual control systems: ELOM, air conditioners (!), UPS (!), etc.
Keep in mind the momentous attacks (X-mas scan, UNIX RPC, Finger, etc.)
Don’t underrate the rarities
38. Rarities
nc -P 20 xxx.xxx.xxx.xxx 8080
Wireless Access Point
• Insecure password for web
• Enabling Telnet
• Compiling tcpdump/nc and others for the platform
• Using them for traffic/tunnel interception
Web camera
• LFI via a web interface
• Obtaining configuration files
• Gaining an access password for the control system
• Gaining access to the control system
41. Cobweb
Lots of Web. For real.
Enterprise web applications are often accessible
• Terminal services (Citrix)
• Email systems
• Helpdesk systems
• Ill-equipped for operating on the “wild web”
42. Support system
We found and applied Path Traversal in ManageEngine ServiceDesk Plus
Gained the “encrypted” password for integration with AD
The password fitted for VPN
The password fitted for AD (Enterprise Admin)
The password fitted for Cisco ACS
So we finally got lucky!
43. VPN
Lots of VPN, good and not so good
Passwords, IPSec Aggressive Mode…
44. The Lords of the Net
Administrator, the Lord of the Net
A large network means many administrators
Feudalism
• Rules are for wimps
• Enterprise IT infrastructure vs “my infrastructure”
• Remote access systems
• Amusing web servers and trial apps
46. The Lords of the Rings
TCP:1337 (SSL): a web server of the system administration department
Radio broadcasting (ShoutCast Server with a default password)
Location: an administrator workstation
With all the consequences…
47. Pentester Tips & Tricks
Try not to miss a thing on the perimeter
Keep in mind third-party hosts
Get approvals for every step of your work
Don’t disregard network rarities. Sometimes a web camera can pave the way to the network core!
Pay special attention to Web
Remember admins
49. Contractors?
Requirements for system access (VPN)
Standard accounts (easier to remember)
No update management
Employees
50. Contractors…
Contractor in the technology network
• Wireless interface on a laptop
• A shared folder open to Everyone
• The folder contains an installer of a control system for xDSL modems/end routers
• With a built-in SA password for the DBMS
• Who else has the same system?
Applications for agents, sale and activation of communication service packages
• Fat-client application
• Built-in access password for the DBMS
• … as SYSDBA
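Both items on the slide above come down to a vendor package (an installer or a fat client) that carries the DBMS password inside it, usually for a privileged account such as SA or SYSDBA. The following added example (not from the talk; the sample “binary” is constructed inline and the server name, accounts and passwords in it are invented) is the check an operator can run on a package before rolling it out: extract printable ASCII and UTF-16LE strings the way `strings` would, then flag anything that looks like a connection string with a password, and note when the account it logs in with is privileged.

```python
import re


def build_sample_blob() -> bytes:
    """Constructed stand-in for a fat-client binary or installer: binary filler with an
    ASCII connection string and a UTF-16LE one embedded, the way Windows applications
    commonly carry them. The server name, accounts and passwords are invented."""
    ascii_cs = b"Data Source=BILLING01;User ID=sa;Password=Summer2011!;"
    utf16_cs = "user=SYS;password=change_on_install;mode=SYSDBA".encode("utf-16-le")
    filler = bytes(range(256)) * 4
    return filler + ascii_cs + filler + utf16_cs + filler


# strings(1)-style runs of at least 8 printable characters, ASCII and UTF-16LE.
_PRINTABLE_ASCII = re.compile(rb"[\x20-\x7e]{8,}")
_PRINTABLE_UTF16 = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
# Connection-string keys that carry a secret, and accounts that should never be embedded.
_HAS_PASSWORD = re.compile(r"\b(?:password|pwd)\s*=", re.IGNORECASE)
_PRIV_ROLES = re.compile(r"\b(?:sa|sys|sysdba|system|root)\b", re.IGNORECASE)


def extract_strings(blob: bytes):
    """Return every printable ASCII or UTF-16LE run found in the blob."""
    found = [m.group().decode("ascii") for m in _PRINTABLE_ASCII.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in _PRINTABLE_UTF16.finditer(blob)]
    return found


def find_embedded_credentials(blob: bytes):
    """Report strings that look like DB connection strings carrying a password,
    and mark those that log in with a privileged account."""
    findings = []
    for s in extract_strings(blob):
        if not _HAS_PASSWORD.search(s):
            continue
        findings.append({"string": s, "privileged": bool(_PRIV_ROLES.search(s))})
    return findings


def summary(blob: bytes) -> str:
    """One-line verdict for a package review."""
    hits = find_embedded_credentials(blob)
    if not hits:
        return "no embedded DB credentials found"
    priv = sum(1 for h in hits if h["privileged"])
    return f"{len(hits)} embedded credential string(s), {priv} privileged"
```

A package that passes this check can still fetch its password from a config file or the registry at install time, so the same scan is worth repeating over the installed tree; and whatever is found, the fix is a per-deployment low-privilege account, not a better-hidden SA password.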
52. Pentester Tips & Tricks
Contractors are never to be hacked
Get approvals for every step of your work
Many scenarios can be efficiently demonstrated by a
“white box” method
Suppose I were a contractor
But you are not a contractor
…A fickle client…
54. Something special?
Changes are highly dynamic in the network
• New gadgets keep emerging
• Contractors keep working
• Configuration keeps changing
Implemented components and protocols are standard
• Threats typical for IP
• Configuration errors
• Platform vulnerabilities
Some errors can cause failures and facilitate fraud
55. Technology Networks Are Networks First of All!
Equipment vulnerabilities
Test systems, contractors’ systems
FORGOTTEN(!) systems
Network management systems
57. Network Management Systems
Such treasure
• Network topology
• Device configuration
• Passwords and keys for VPN/Wi-Fi/SNMP/RADIUS…
“They are behind the firewall”
+ Web password
- OS, DBMS, Web updates
+ Standard passwords for DBMS
+ File(!) shares
58. That’s Tough!
WPA-PSK for an AP is found. Where are the access points located?!!
60. VoIP Is a Honey Pie
Attack against…
• infrastructure
• gateways
• protocols
• i[P]Phone
Consequences: call management, identity theft (fraud), access to the enterprise network, fraud or fraudulent misrepresentation, wiretapping, and more…
61. VoIP
1. VoIP Wi-Fi access (no WPA, so “slow”)
2. The nearest Cisco Call Manager
a) SQLi, CVE-2008-0026
https://www.example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+SELECT+'','','',user,'',password+from+applicationuser;--
b) Collecting the hashes
runsql select user,password from applicationuser
c) Restoring passwords from the hashes
3. Level 15 for the whole network
(Diagram: attacker’s computer outside the office of company “A” → 1: WEP wireless access → 2: corporate LAN of company “A” → 3: SQL injection CVE-2008-0026 against the IP PBX; PSTN)
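The injection above arrives as an ordinary GET request to `/ccmuser/personaladdressbookEdit.do`, so it is visible in the web server's access log long before anyone reads the `applicationuser` table. The following added example (not from the talk and not a Cisco feature; the log lines, IP addresses and timestamps are constructed, with the first request path mirroring the slide's URL as a server would log it URL-encoded) decodes each request's query string and runs a small set of injection rules over it, the way a log-review or SIEM rule for the Call Manager would:

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache-style access log lines. Line 1 mirrors the slide's injection,
# URL-encoded; line 4 is a second, simpler boolean injection; lines 2 and 3 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2011:10:12:01 +0400] "GET /ccmuser/personaladdressbookEdit.do?key=%27+UNION+ALL+SELECT+%27%27%2C%27%27%2C%27%27%2Cuser%2C%27%27%2Cpassword+from+applicationuser%3B-- HTTP/1.1" 200 5120
10.0.0.7 - - [12/May/2011:10:12:05 +0400] "GET /ccmuser/personaladdressbookEdit.do?key=123 HTTP/1.1" 200 2048
10.0.0.5 - - [12/May/2011:10:12:09 +0400] "GET /ccmuser/logon.do HTTP/1.1" 302 0
10.0.0.9 - - [12/May/2011:10:13:41 +0400] "GET /ccmuser/personaladdressbookEdit.do?key=1%27+or+%271%27%3D%271 HTTP/1.1" 200 5120
"""

_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Rules are evaluated on the *decoded* query string, so %27 / + encoding does not hide them.
_SQLI_RULES = [
    ("union-select", re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b", re.IGNORECASE)),
    ("quote-boolean", re.compile(r"'\s*(?:or|and)\s+[^=]*=", re.IGNORECASE)),
    ("comment-terminator", re.compile(r"(?:;\s*)?--(?:\s|$)")),
]


def parse_log(text):
    """Yield one dict per parseable combined-format log line."""
    for line in text.splitlines():
        m = _LOG_RE.match(line)
        if m:
            yield m.groupdict()


def suspicious_requests(text):
    """Return requests whose decoded query string matches an injection rule,
    with the rule names, so an analyst can review them in order."""
    hits = []
    for req in parse_log(text):
        path, _, query = req["path"].partition("?")
        decoded = unquote_plus(query)
        matched = [name for name, rx in _SQLI_RULES if rx.search(decoded)]
        if matched:
            hits.append({"ip": req["ip"], "time": req["ts"], "path": path, "rules": matched})
    return hits
```

Three rules are enough for the two shapes on this slide; a production rule set will need tuning against the portal's legitimate parameters (free-text address-book fields will occasionally contain `--` or the word `or`), and the better long-term signal is the rule's hit count per source IP rather than any single match.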
62. Mobile Networks – It’s So Banal
Only the perimeter is secure
Some weird hardware?
• 3G SoftSwitch: Solaris 10 with CVE-2007-0882 (telnet -f)
• …
63. Self-Service Platform
WEB/USSD/WAP
Interface with payment systems
A possibility of money withdrawal
No authentication (Caller ID)
Weak authentication (PIN code?)
Vulnerable applications (Web, SQL Injection, XSS)
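Slide 16 (“Faking Caller ID”) and slide 63 together describe the two authentication weaknesses of a self-service platform: operations authorised by Caller ID alone, which the caller controls, and PINs that can be guessed without limit. The following added example (not from the talk or from any operator's platform; the MSISDNs, PIN, operation names and lockout threshold are constructed) shows the authorisation policy that closes both: Caller ID is accepted only for read-only information, anything that moves money or grants access needs a PIN, and repeated PIN failures lock the account.

```python
from dataclasses import dataclass
import hmac

# Constructed policy model for an operator self-service channel (USSD/IVR/web).
MAX_PIN_FAILURES = 5

# Read-only operations may be served on Caller ID alone (it is attacker-controlled,
# so nothing sensitive should depend on it); anything that moves money or grants
# access needs a PIN.
LOW_RISK = {"balance_query", "tariff_info"}
HIGH_RISK = {"transfer_funds", "voicemail_access", "prs_subscription"}


@dataclass
class Account:
    msisdn: str
    pin: str            # in a real platform: a salted hash, never the PIN itself
    failed_pins: int = 0
    locked: bool = False


def authorize(account, operation, caller_id, pin=None):
    """Decide whether an operation may proceed. Returns "allow" or a "deny:<reason>"."""
    if account.locked:
        return "deny:locked"
    if operation in LOW_RISK:
        return "allow" if caller_id == account.msisdn else "deny:caller-mismatch"
    if operation in HIGH_RISK:
        if pin is None:
            return "deny:pin-required"
        if hmac.compare_digest(pin, account.pin):
            account.failed_pins = 0
            return "allow"
        account.failed_pins += 1
        if account.failed_pins >= MAX_PIN_FAILURES:
            account.locked = True            # stops online PIN guessing
            return "deny:locked"
        return "deny:bad-pin"
    return "deny:unknown-operation"
```

The lockout counter must live server-side and be keyed by the account, not by the calling number, since the calling number is exactly what the attacker changes between attempts; unlocking should go through a channel the account owner controls (shop visit, SIM-bound SMS), not through the same self-service menu.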
64. VAS platforms
Someone’s application on the operator’s network
Malicious content, WAP-provisioning
Rich access via mobile stations (WAP/HTTP):
• Web application vulnerabilities
• Platform vulnerabilities
Platforms for service development
66. Forensic Nightmare
Large networks make it extremely difficult to investigate incidents
Lots of vectors, tons of hardware, a great deal of administrators
A couple of hops on the internal network, and no one will make head or tail of it