TRAINING

VOIPHREAKING - HOW TO MAKE FREE PHONE CALLS AND INFLUENCE PEOPLE

http://www.secguru.com/link/voiphreaking_how_make_free_phone_calls_and_influence_people_video

THE RECENT EXPLOSION IN INTERNET TELEPHONY HAS LED TO THE EXPOSURE OF THE (PREVIOUSLY) CLOSED PUBLIC SERVICE TELEPHONE NETWORK (PSTN) TO THE WILDS OF THE INTERNET. VOICE OVER IP (VOIP) TECHNOLOGY PRESENTS NEW AND INTERESTING SECURITY CHALLENGES, MANY OF WHICH ARE COMPLETELY IGNORED UNTIL AFTER DEPLOYMENT. THESE SECURITY ISSUES, SUCH AS NEW AVENUES FOR FRAUD, PRESENT SERIOUS RISKS TO TRADITION TELEPHONY COMPANIES.
THIS TALK EXPLORES THE TECHNOLOGIES BEHIND VOIP INFRASTRUCTURES, FOCUSING ON THEIR WEAKNESSES AND FAULTS. LIVE DEMOS WILL HELP ILLUSTRATE THAT ATTACKS WHICH VIOLATE VOIP SYSTEM SECURITY ARE NOT ONLY PRACTICAL, BUT ARE ALREADY HERE. THE ERA OF VOIPHREAKING HAS BEGUN.

VOIP ATTACKS

http://video.google.com/videoplay?docid=-3393113300431239249

VOIP ATTACKS IS DIVIDED INTO TWO SECTIONS. THE FIRST SECTION IS AN OVERVIEW OF A COLLECTION OF CURRENTLY RELEVANT ATTACKS AGAINST VOICE-OVER-IP SYSTEMS, CATEGORIZED INTO FOUR IMPACT ZONES; ATTACKS AGAINST AVAILABILITY, ATTACKS AGAINST INTEGRITY, ATTACKS AGAINST CONFIDENTIALITY, AND VENDOR-SPECIFIC ATTACKS. THE ATTACKS ARE DISCUSSED IN REGARD TO WHAT CAUSES THE TARGET SYSTEM TO BE VULNERABLE TO THE ATTACK, HOW THE ATTACK WORKS, WHAT EFFECT A SUCCESSFUL ATTACK HAS ON THE SYSTEM IN QUESTION, WHAT TOOLS ARE PUBLICLY AVAILABLE TO PERFORM THE ATTACK, AND WHAT MITIGATION STEPS CAN BE TAKEN TO PREVENT THE ATTACK. THE SECOND SECTION OF THIS PRESENTATION WILL FOCUS ON THE MITIGATIONS SUGGESTED FOR EACH ATTACK IN THE FIRST SECTION, WHAT PROBLEMS THOSE MITIGATIONS HAVE, AND WHAT ISSUES MAY ARISE WHEN ATTEMPTING TO IMPLEMENT THOSE MITIGATIONS.

JAREDDEMOTT - THE EVOLVING ART OF FUZZING

http://video.google.com/videoplay?docid=4641077524713609335

THE EVOLVING ART OF FUZZING WILL BE A TECHNICAL TALK DETAILING THE CURRENT STATE OF FUZZING AND DESCRIBING CUTTING EDGE TECHNIQUES. FUZZER TYPES, METRICS, AND FUTURE RESEARCH WILL BE PRESENTED. ALSO, ONE OF ASI'S PRIVATE FUZZER TOOLS WILL BE DISCUSSED & DEMOED. GOODIES ARE AVAILBLE ON HTTP://WWW.VDALABS.COM. JARED DEMOTT IS A VULNERABILITY RESEARCHER AND HAS BEEN IN THIS FEILD FOR 6 YEARS. JARED EARNED A MASTERS DEGREE FROM JOHNS HOPKINS UNIVERSITY. JARED WAS A DEFCON SPEAKER THIS YEAR. HE IS CURRENTLY PURSUING A PHD FROM MICHIGAN STATE UNIVERSITY, WITH DISSERTATION WORK TO BE DONE ON FUZZING.

SIPVICIOUS TOOL INTRODUCTION AND USAGE

http://www.youtube.com/watch?v=2lo35DVwNog

(TAOF) THE ART OF FUZZING DEMOS

http://theartoffuzzing.com/joomla/index.php?option=com_content&task=view&id=20&Itemid=37

HOW-TO VIDEOS & TUTORIALS ON HOW TO CRACK (WEP, WPA, & WPA2)

http://backtrack.offensive-security.com/index.php?title=ExternalHowto

DEF CON MEDIA ARCHIVES (EXCELLENT WEALTH OF INFORMATION)

https://www.defcon.org/html/links/defcon-media-archives.html

BLACKHAT MEDIA ARCHIVES (EXCELLENT WEALTH OF INFORMATION)

http://www.blackhat.com/html/bh-multimedia-archives-index.html

WHITEHAT MEDIA ARCHIVES

http://www.whitehatsec.com/home/resources/preso.html

TACTICAL EXPLOITATION

http://video.google.com/videoplay?docid=8220256903673801959

PRESENTATION GIVEN AT DEF CON LAS VEGAS BY HDMOORE & VALSMITH

CONVERT DEBUGGING - CIRCUMVENTING SOFTWARE ARMORING TECHNIQUES PRESENTED BY DANNY QUIST & VALSMITH

http://video.google.com/videoplay?docid=-7003002075661431033

CERT VIRTUAL TRAINING ENVIRONMENT

https://www.vte.cert.org/vteweb/

THE CERT VIRTUAL TRAINING ENVIRONMENT (VTE) - A REVOLUTIONARY RESOURCE FOR INFORMATION ASSURANCE, INCIDENT RESPONSE AND COMPUTER FORENSIC TRAINING, WITH OVER 400 HOURS OF MATERIAL AVAILABLE. VTE BLENDS THE BEST OF CLASSROOM INSTRUCTION AND SELF-PACED ONLINE TRAINING, DELIVERING TRAINING COURSES, ANYTIME ACCESS TO ANSWERS, AND HANDS-ON TRAINING LABS ALL THROUGH A STANDARD WEB BROWSER. VTE IS PRODUCED BY THE CERT® PROGRAM OF THE SOFTWARE ENGINEERING INSTITUTE AT CARNEGIE MELLON UNIVERSITY.

UNIVERSITY LECTURE SERIES

==> OSI MODEL INTRO LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/OSI.wmv

==> INTRODUCTION TO PROTOCOLS LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/ProtocolIntro.wmv

==> ERROR DETECTION - CRC LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/CRC.wmv

==> ADVANCED STUDY OF PROTOCOLS LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/ProtocolAdvanced.wmv

==> INTRO TO LANS LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/LANs.wmv

==> LAN ANALYSIS LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/LANAnalysis.wmv

==> BRIDGES LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/Bridges.wmv

==> IP ADDRESSES LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/IPAddresses.wmv

==> ROUTING LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/Routing.wmv

==> IP AND TCP LECTURE

http://www.pcs.cnu.edu/~dgame/cs502/topics/WMVLectures/ipntcp.wmv

==> ENCRYPTION LECTURE

http://www.pcs.cnu.edu/~dgame/cs446Gen/topics/EncryptionGen/EncryptGen.wmv

THE LEARN TO SUBNET & TCP/IP TRAINING SERIES

http://www.learntcpip.com/

NESSUS 3 DEMONSTRATION VIDEOS

http://www.tenablesecurity.com/demos/index.php?view=demo_videos

HACKING ILLUSTRATED VIDEO SERIES

http://www.irongeek.com/i.php?page=security/hackingillustrated

NUMEROUS VIDEOS SHOWING USAGE AND INSTRUCTION ON TOOLS SUCH AS METASPLOIT, NMAP, ETTERCAP, AND MUCH MORE.

CHICAGOCON SECURITY CONFERENCE PRESENTATIONS

http://www.chicagocon.com/content/view/33/1/

NUMEROUS SECURITY VIDEOS FROM SECURITY-FREAK.NET

http://www.security-freak.net/videos.html

NUMEROUS VIDEOS FROM TOORCON.ORG

http://www.toorcon.org/2007/intro.php

NUMEROUS VIDEOS LINKED FROM KNOWLEDGECAVE.COM

http://www.knowledgecave.com/

NOTE: REGISTRATION IS REQUIRED

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License