- Innovation, regulation and research on tap at RSA 2008
- Researchers uncover 100 VoIP vulnerabilities
- Badware not pushing users offline
- Web attacks won't stop
- Most sites still hack-able
- Tips on employee monitoring
- Research: IT security maturing, but misaligned
- Clarke sharply criticizes Bush cyber-security plans
- Conference seeks to bridge risk, research
- Core finds new CEO
July 31, 2006 | Comments: (0)
Black Hat Training and sunburns
I spent the past two days here in Las Vegas in the Tactical VoIP: Applied VoIP Phreaking class, taught by The Grugq for the first time. While it wasn't the most organized class, it did have a good amount of practical information on VoIP and exposed quite a few of the vulnerabilities that exist today with enterprise VoIP deployments. We worked with several tools including ones that did SIP injection, SIP ping (good for tracing the path a SIP call as it moves through the network) and MGCP server enumeration. Luckily I didn't have to learn Python to get these tools to work, but, if the class was nothing else, it was definitely fun and informative. I'll have a podcast with The Grugq up in a few days with his take on SIP Worms and Vishing (VoIP Phishing).
For the next two days I'm taking the NSA's (yes, that NSA) INFOSEC Evaluation Methodology course taught by Security Horizon. For me the IEM is a follow on to the excellent NSA INFOSEC Assessment Methodology course taught by Security Horizon I took last year here in the Big Hot. I found the IAM a bit rudimentary, but it covers all of the steps needed during a security assessment from the process perspective. It seems that the IEM is going to be about tools, attacks and defense. I look forward to seeing how it will pan out over the next two days.
Considering these two classes as the Odd Couple, where The Grugq is Oscar, Russ Rogers' teaching the IEM class is the exact opposite; a Felix with defined, clear-cut policies and procedures and almost retentive. But hey, what do you you expect when it comes to a NSA certification? BTW, if you're lucky enough to take a class from Russ, I would highly suggest taking it.
Did I get sunburn? No, unless you count one from florescent lights. I think I might actually leave here with less of a tan than when I got here (sort of like Oliver Rist when he goes to Hawaii).
Posted by Victor R. Garza on July 31, 2006 10:59 AM
RATE THIS ARTICLE:
-
- COMMENTS
| ZERO DAY PODCAST |
| Listen to the latest podcast: |
MP3
•
•
•
Archive
•
![[VoiceIndigo Mobilize - Listen to podcasts on your mobile phone]](http://www.voiceindigo.com/ht/images/mobilize_logo_sm.gif){kind=logo}
|
TOP STORIES
ADDITIONAL RESOURCES
- Remote Access: Maintain Security and Decrease the Burden on IT
- Beyond AntiVirus: Symantec Endpoint Protection
- What Every Enterprise Needs to Know About VDI
- Disaster Recovery in Minutes
- Protecting Microsoft(R) Applications
- Reduce Recovery Times and Tape Costs
