RSS feed logo header graphic

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-7

Infrastructure Attacktecs™ & Defentecs™:
Cisco Voice Over IP (VoIP)

Stephen Dugan, 101Labs & Rodney Thayer

registration button

Attacktecs™ Attack Techniques used to exploit network infrastructure, servers, databases and other services with the intent of stealing or destroying intellectual property and/or to deny users and clients legitimate access.

Defentecs – Defense Techniques and implementation methods used to defend against the latest Attacktecs.


This class will cover a wide variety of the publicly-available exploit tools (and some we've created) and how they can be used specifically against Cisco VoIP (Voice over IP) telephony systems. The training will cover the attack methodologies that are used against the SIP and H.323 protocols as well as VoIP network infrastructure. Significant class time will be devoted to both attack and defense techniques. This class is designed to be very hands-on and lab intensive. Therefore, a certain level of VoIP experience will be expected, specifically in using Cisco Systems related products.

Students will be using a variety of VoIP gear, Cisco equipment, and open source tools. Students will be required to bring their own laptops to attach to the lab network (with appropriate caution). Laptops will be used to run attacks against the network and to perform configuration. The labs will require all laptops to have both a serial port and Fast Ethernet NIC. Operating systems on laptops can be either Windows or Linux. The class CD will have tools for both OSs, however some of the tools are only available for certain operating systems.

Some of the topics that will be covered:

  • VoIP architectural vulnerabilities
  • VoIP threat models
  • Deployment mistakes and related vulnerabilities
  • Defense requirements for VoIP networks
  • Operational techniques for VoIP network defense
  • H.323 attacks
  • SIP attacks
  • VoIP implementation attacks
  • Designing VoIP security infrastructure
  • Requirements guidelines for secure VoIP products
  • Specific attacks against Cisco phones and Call Manger


Stephen Dugan is currently an independent contract instructor and network engineer. He has been teaching Cisco networking for the last several years focusing on Router and Switch configuration, Voice/Data integration, and Network Security. His students come mostly from Fortune 500 companies, government/military and service providers. He also teaches private internal classes to Cisco Employees. As a Network Engineer he has worked on the design and implementation of large enterprise, government, and service provider networks. He is also working on a unique security book covering the aspects of hacking VoIP networks. Although the book has been delayed, it should be out in 2006.

Rodney Thayeris a private network security consultant in Mountain View, California. His practice includes exploit analysis, network security incident investigations, architecting secure networks, and cryptography. His background is in the development and deployment of network security devices, having participated in the development of various implementations of IPsec, SSL (TLS), and digital certificate systems. He has also worked in the area of network management, having done early work on SNMP and participating in the initial development of Counterpane Internet Security's Managed Security Service. He has over 30 years of experience in the design, development, and deployment of networking and security software. He has extensive experience working to standardize network security protocols and practices through organizations such as the Internet Engineering Task force (IETF.) He was a member of the working Group responsible for delivering the first standard specification of the IPsec protocol, and was involved in developing several IETF specifications including RFC 2411 (IPsec), RFC 2440 (PGP), in addition to involvement in work on TLS (web browser/SSL security) and Digital Certificates (X.509/PKI.) He has written and lectured extensively on security matters and has presented work in a variety of forums including Network World, Security Technique, Networld+Interop, and various other lecture and print venues. He is a member of Network World's Test Alliance, The Shmoo Group, and HTCIA.

registration button







1997-2009 Black Hat ™