20

Vulnerabilități grave în serviciile online ale unui telecom din România Prisăcaru Anatolie @shark0der 01.12.2012 @DefCamp

Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

Download PDF Report

Upload
defcamp
View
334
Download
2

Tags:

Embed Size (px)

DESCRIPTION

Citation preview

Page 1: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

Vulnerabilități grave în serviciile online ale

unui telecom din România

Prisăcaru Anatolie@shark0der

01.12.2012 @DefCamp

Page 2: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The problem

Page 3: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The motivation

Page 4: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

Let's dive into all this stuff

Page 5: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The configurator

Page 6: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The surprise

Page 7: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The serious approach

Page 8: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

… still serious approach

Page 9: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

This can't be real

Page 10: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

What about pushing the limits?

Page 11: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

… even more

Page 12: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

Unbelievable, but it worked :)

Page 13: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

Really worked!

Page 14: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

And I've got more then I expected!

Page 15: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

Under the hood

Page 16: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The key

Page 17: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The simplicity

Page 18: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The stupidity

Page 19: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

The lesson

NEVER BUT NEVER TRUST USER INPUT

Page 20: Critical vulnerabilities in the online services of a romanian telephony company - DefCamp 2012

THE END

Prisăcaru Anatolie@shark0der

01.12.2012 @DefCamp

Telephony Networking. Lesson 1: Telephony Essentials

Telephony Networking. Lesson 1: Telephony Essentials

Documents

DefCamp 2013 - DRM To Pown NSA in Few Easy Steps

DefCamp 2013 - DRM To Pown NSA in Few Easy Steps

Technology

PBX Vulnerability Analysistscm.com/NISTsp800-24pbx.pdfComputer based telephony systems and new techniques such as voice over IP (VOIP) present an entirely new collection of vulnerabilities

PBX Vulnerability Analysistscm.com/NISTsp800-24pbx.pdfComputer based telephony systems and new techniques such as voice over IP (VOIP) present an entirely new collection of vulnerabilities

Documents

Finding Network Vulnerabilities. 2 Objectives Define vulnerabilities Name the common categories of vulnerabilities Discuss common system and network vulnerabilities

Finding Network Vulnerabilities. 2 Objectives Define vulnerabilities Name the common categories of vulnerabilities Discuss common system and network vulnerabilities

Documents

DefCamp 2011 - call 2 action

DefCamp 2011 - call 2 action

Technology

docTrackr Presents at DefCamp 2013 - November 29-30

docTrackr Presents at DefCamp 2013 - November 29-30

Technology

DefCamp 2013 - 0Class2DOS

DefCamp 2013 - 0Class2DOS

Technology

How does a 0day work? - DefCamp 2012

How does a 0day work? - DefCamp 2012

Documents

NVidia CUDA for Bruteforce Attacks - DefCamp 2012

NVidia CUDA for Bruteforce Attacks - DefCamp 2012

Documents

Mobile networks: exploiting HTTP headers and data traffic - DefCamp 2012

Mobile networks: exploiting HTTP headers and data traffic - DefCamp 2012

Documents

Zombie browsers spiced with rootkit extensions - DefCamp 2012

Zombie browsers spiced with rootkit extensions - DefCamp 2012

Documents

Digipass Instrumentation for Fun and Profit - DefCamp 2012

Digipass Instrumentation for Fun and Profit - DefCamp 2012

Documents

DefCamp 2011 @Iasi

DefCamp 2011 @Iasi

Technology

CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012

CensorMeOrNot - P2P System of DNS Caches - DefCamp 2012

Documents

Telephony, VoIP - USALearning_v401/course/... · Telephony / VOIP . 191. Telephony / VOIP **191 Instructor: I'd like to . talk to you about telephony. In . particular, we're going

Telephony, VoIP - USALearning_v401/course/... · Telephony / VOIP . 191. Telephony / VOIP **191 Instructor: I'd like to . talk to you about telephony. In . particular, we're going

Documents

Web Applications - Security and Scalability Checklist - DefCamp 2012

Web Applications - Security and Scalability Checklist - DefCamp 2012

Documents

Attacks Against Captcha Systems - DefCamp 2012

Attacks Against Captcha Systems - DefCamp 2012

Documents

VULNERABILITIES AND SECURITY LIMITATIONS OF ... · IP telephony applications are considered to have a huge economic po tential in the near future. The role of IP telephony can be

VULNERABILITIES AND SECURITY LIMITATIONS OF ... · IP telephony applications are considered to have a huge economic po tential in the near future. The role of IP telephony can be

Documents

DefCamp 2013 - Android hacking techniques

DefCamp 2013 - Android hacking techniques

Technology

DefCamp 2013 - In vehicle CAN network security

DefCamp 2013 - In vehicle CAN network security

Technology

Source port vulnerabilities in .JP - static ... - DNS-OARC · Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected 25

Source port vulnerabilities in .JP - static ... - DNS-OARC · Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected Heavy user exists. Vulnerabilities suspected 25

Documents

DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded

DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded

Technology

DefCamp 2013 - A few cybercrime cases that could make us think

DefCamp 2013 - A few cybercrime cases that could make us think

Technology

Prezentare defcamp 2012 Bogdan Belu

Prezentare defcamp 2012 Bogdan Belu

Documents

Enterprise IP Telephony Case Study - Kasetsart … Telephony Case... · Enterprise IP Telephony Case Study Net Day 2007 Enterprise IP Telephony Case Study TawinLiumpapangkul Solution

Enterprise IP Telephony Case Study - Kasetsart … Telephony Case... · Enterprise IP Telephony Case Study Net Day 2007 Enterprise IP Telephony Case Study TawinLiumpapangkul Solution

Documents

BAI613 Packet Telephony Module 6 Enterprise IP telephony

BAI613 Packet Telephony Module 6 Enterprise IP telephony

Documents

Voice Mashups: Telephony power without telephony expertise

Voice Mashups: Telephony power without telephony expertise

Technology

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Documents

DefCamp 2013 - DRM to p0wn NSA in a few easy steps

DefCamp 2013 - DRM to p0wn NSA in a few easy steps

Technology

DefCamp 2013 - MSF Into The Worm Hole

DefCamp 2013 - MSF Into The Worm Hole

Technology