Hunting PBX For Vulnerabilities - Sachin Wagh, Security Analyst

Hunting PBX For Vulnerabilities. Sachin Wagh, Security Analyst • Security Intelligence Team @ Symantec • Speaker at Hakon and Geek Street - Infosecurity Europe • Bug Hunter | Penetration Tester • Security Blogger @tiger_tigerboy


  1. Hunting PBX For Vulnerabilities

  2. Sachin Wagh, Security Analyst • Security Intelligence Team @ Symantec • Speaker at Hakon and Geek Street - Infosecurity Europe • Bug Hunter | Penetration Tester • Security Blogger @tiger_tigerboy

  3. Himanshu Mehta, Senior Threat Analysis Engineer • Security Intelligence Team @ Symantec • Speaker at National Cyber Security Conference, Hakon & Geek Street - Infosecurity Europe • Advisory Board Member @EC-Council & Convetit • Bug Hunter | Penetration Tester @LionHeartRoxx

  4. Content: What is PBX • Features • Searching • Softphone • Vulnerabilities • Mitigations

  5. Private Branch Exchange (Source: http://www.cealcomz.co.za)

  6. Features: Call Forwarding • Call Transfer • Conference Calls • Automatic Call Delivery (ACD) • Voice Messaging • Call Queue, etc.

  7. Searching

  8. Shodan: "NCH Software Axon Virtual PBX"

  9. Call Details Records

  10. Censys: "FreePBX Administration"

  11. Censys: "FreePBX Administration"

  12. Hunting PBX for Vulnerabilities

  13. Shodan: "polycom+command+shell"

  14. File Transfer Protocol (FTP)

  15. Call Details Records

  16. Server Message Block (SMB)

  17. Server Message Block (SMB)

  18. Shodan: "port:23 console gateway - password"

  19. Softphone

  20. Vulnerabilities

  21. TRIXBOX

  22. Blind OS Command Injection - "I AM NOT BLIND I'VE JUST SEEN ENOUGH"

  23. Hunting PBX for Vulnerabilities

  24. Blind OS Command Injection [DEMO] CVE-2017-14535

  25. Path Traversal

  26. Path Traversal [DEMO] CVE-2017-14537

  27. Path Traversal [DEMO] CVE-2017-14537

  28. Cross-site Scripting (Source: gif-finder.com)

  29. Cross-site Scripting [DEMO] CVE-2017-14536

  30. AXON

  31. Cross-site Scripting [DEMO] CVE-2018-11552

  32. Local Code Execution

  33. Local Code Execution [DEMO] CVE-2018-11551

  34. Hunting PBX for Vulnerabilities

  35. Local Code Execution [DEMO] CVE-2018-11551

  36. Hunting PBX for Vulnerabilities

  37. Mitigations
      • POLICIES AND PROCEDURES: SECURITY TRAINING • PASSWORD POLICY • INCIDENT RESPONSE PROCEDURE
      • OS LEVEL SECURITY: PATCHES • APPLICATIONS AND SERVICES • PRIVILEGES

  38. Thank You
