Infoz

 Who:Hackers Like You.
 What:ToorCon 12
 When:OCT 22rd-24th
 Where:San Diego Convention Center
 Why:What Could possibly go wrong?

Main Menu

Home
Registration
Venue
Conference
Workshops
Seminar
Sponsors
Contests
Crew

Login

Who's Online

No Users Online
Home arrow Conference arrow Talks arrow IP Video Attacks!
IP Video Attacks! Print E-mail

New IP video applications promise many exciting cost-saving benefits, but they also bring with them a host of security challenges and vulnerabilities. This session applies existing techniques for VoIP attacks against next-generation Video deployments using the SIP protocol.

This presentation will focus primarily on informative and insightful live demos that show targeted video attacks and issues that put video application traffic at risk. We will focus on the following:

* First security conference demonstration of Video Eavesdropping against SIP endpoints, with releaseof a new version of the UCSniff IP Video Sniffer tool. The demo will explore potential attack scenarios against Telepresence deployments of commercial vendors using SIP.

* Research into the concept of live "Video Monitoring" - We have developed a UCSniff GUI version, and will explore the concept of intercepting and viewing live video streams via a nice GUI that uses media player plugins.

* Enhanced codec support for UCSniff and a new version of our "VideoSnarf" security assessment tool. VideoSnarf takes an offline pcap as input, and outputs all video and audio streams.

* Demonstration of an IP Video replay attack using the "VideoJak" security assessment tool. In this live demo, we will make a "blind camera", in the light of heist movies that rely on IP video surveillance systems.

* A tip that we have learned through VoIP pentesting of production enterprise networks. This trick enhances one's ability to target specific VoIP users clandestinely. Other VoIP goodness may follow this.

Note that all the tools to be demonstrated are open source, available to the security community at large and that we do not distribute them in any commercial way.

Jason Ostrom

Jason Ostrom, CCIE #15239, is Director of Sipera VIPER (Voice over IP Exploit Research) Lab. He is a graduate of the University of Michigan, Ann Arbor and author of the “VoIP Hopper” Assessment tool. Ostrom has over 12 years experience in technology fields such as network infrastructure, programming, and penetration testing.

Arjun Sambamoorthy

Arjun Sambamoorthy is a Vulnerability Research Engineer in the Sipera VIPER Lab. He is a graduate of University of Texas, Dallas, and a key developer and co-author of the UCSniff tool.
 
< Prev   Next >
© 2010 ToorCon, all bits reserved.