The main motto of this session is to walk through the multitude of vulnerabilities present in PBX that may pose a threat to any individual or organization. This talk will demonstrate multiple exploitable security vulnerabilities including impact and attack scenarios as well as their mitigations that we came across while playing with different PBX. Hackers explore the vulnerabilities to launch various security attacks and security professionals need to learn how to moderate them. The presentation will not be limited to one, but rather many PBX vendors.
This talk will include the following categories and demonstration:

— Information Gathering
— Internet connected PBX and gaining access
— Password Security
— Caller ID Spoofing
— Softphone Security
— Vulnerabilities
— Impact
— Mitigation