Voice over IP Penetration Testing

Security Simplified conducts Voice over IP (VOIP) infrastructure penetration testing from an “unauthenticated” user perspective. The primary purpose of the assessment is to uncover network and application layer vulnerabilities and misconfigurations that could result in the complete compromise of the VOIP infrastructure, its devices or the communications they carry.

Security Simplified consultants have extensive experience in security testing modern-day telecommunications VOIP networks. Every engagement covers attacks ranging from VLAN hopping to voicemail attacks. Our checklist includes CallerID spoofing, authentication and authorization testing, RTP injection, etc.

Our methodology is derived from the following standards:

  • Penetration Testing Execution Standard (PTES)
  • MITRE ATT&CK Framework
  • Open Source Security Testing Methodology Manual (OSSTMM)

Our Methodology

Active Enumeration of VOIP Devices

Open Ports, Service Enumeration, Protocol Identification & Enumeration

Vulnerability Scanning, Identify DoS Vulnerabilities, Identify Attack Vectors

Exploit Known Vulnerabilities & Misconfigurations

Identify Escalation Vectors (Local System or User Privilege Related)

VLAN Hopping, RTP Injection & Traffic Interception

Attack Foothold

Executive Summary

Findings, Risks & Recommendations

Sample List of Checks

  • Enumeration and Information Gathering
  • Application-layer Vulnerabilities
  • Mass Assignment
  • Eavesdropping via ARP Poisoning
  • Error Handling & Logging
  • SIP Authentication Attacks, Dictionary Attack
  • Denial-of-Service (DoS) Attacks
  • Caller ID Impersonation & Spoofing

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report for the development team
  • Detailed attack paths & chaining of vulnerabilities to gain persistent access
  • Vulnerability description, root cause, impact and remediation steps
  • Reporting and risk rating matrix based on PTES & OSSTMM standards

Want to work with us?

Do you need help finding information or want to know more about what Security Simplified services can do for you?

Copyright @2022 Security Simplified Limited