Announcement

Collapse
No announcement yet.

Moritz Abrell - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Moritz Abrell - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing

    Moritz Abrell - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing



    Moritz Abrell, SySS GmbH

    Presentation Title:
    Phreaking 2.0 - Abusing Microsoft Teams Direct Routing


    Length of presentation: 20 minutes
    Demo, Exploit


    ABSTRACT:

    Microsoft Teams offers the possibility to integrate your own communication infrastructure, e.g. your own SIP provider for phone services. This requires a Microsoft-certified and -approved Session Border Controller. During the security analysis of this federation, Moritz Abrell identified several vulnerabilities that allow an external, unauthenticated attacker to perform toll fraud.

    This talk is a summary of this analysis, the identified security issues and the practical exploitation as well as the manufacturer's capitulation to the final fix of the vulnerabilities.


    SPEAKER BIO(S):

    Moritz Abrell is an experienced expert in Voice-over-IP and network technologies with a focus on information security.
    He works as a senior IT security consultant and penetration tester for the Germany-based pentest company SySS GmbH, where he daily deals with the practical exploitation of vulnerabilities and advises customers on how to fix them.
    In addition, he regularly publishes his security research in blog posts or presents it at IT security conferences.
    @moritz_abrell




    []
    Last edited by number6; June 12, 2022, 12:44.
Working...
X