Chris Gatford and Peter Wesley

Chris Gatford is the Director of HackLabs in Sydney, Australia and performs penetration tests for organisations all around the world.

Chris has reviewed countless IT environments and has directed and been responsible for numerous security assessments for a variety of corporations and government departments.

Chris is an Instructor for the HackLabs the course and in his previous role at Ernst & Young he was a manager for six years in the penetration testing services team. Chris was the lead instructor for the eXtreme Hacking course. In both his roles Chris has taught the art of professional hacking to hundreds of students from global organisations.

Chris has co-authored “Network Security Assessment: From Vulnerability to Patch” from Syngress Publishing.

Chris is also a frequent speaker at many security related conferences. Chris is a member of several security professional organisations and is a Certified Information Systems Security Professional

Peter Wesley is a security specialist with 20 years IT experience, Predominately in the Banking and Finance industry, including consultancy for Deutsche Bank, Westpac, and MLC.

Recently Peter has been probing VOIP systems for vulnerabilities and has created vulnerability advisories sent to large vendors with the vulnerabilities he has discovered.

His particular focus has been the design and development of secure applications and internet infrastructure and associated risk analysis. As a developer has had extensive experience designing, developing and securing Mobile Applications platforms.

About HackLabs
HackLabs is the only security company in Australia dedicated to penetration testing. The company has been formed by a team of industry professionals with the aim of providing improved and most importantly thorough and appropriate security testing.

The team at HackLabs are very passionate about their work and want to ensure that the client has the best information and presented in a cutting edge deliverable to ensure optimum knowledge to the right audiences.

AusCERT2011 Presentation

VOIP Security Testing

VOIP Security Testing is a one day tutorial that provides intensive, hands-on training. Participants will learn how hackers perform VOIP Attacks and how to remediate common vulnerabilities. Attendees will learn how hackers can gain methodically gain entry access to an organisations telephony systems to steal information and abuse services.

The intent of this course is to assist organisations in arming front line staff with the approach, the latest tools and techniques that attackers utilise so that they can better secure there organisations VOIP environment.

The course is compromised of the following modules and concludes with a two-hour lab simulating a VOIP Environment of an organisation to compromise. During this time they will learn how to identify users on

Practical;
• Attacking Cisco Phones
• Attacking Cisco Call Manager
• H.323 Protocol attacks
• SIP Protocol attacks
• Skinny Protocol attacks
• Unified Communications (IM) Attacks
• Microsoft Office Communicator Attacks (OCS/Link)

Theory;
• VOIP Design Weaknesses
• VOIP Risk models
• Best Practice VOIP Design Concepts
• Implementation attacks
• Implementation Mistakes
• Defence Strategies
• Operational Strategies

LAB: The course’s two-hour lab simulating a VOIP environment allows students to test the skills in which they learnt in the morning to compromise some of the technologies and tools demonstrated during the course of the day.