CXMLVXML IVR Pentesting for Audito - HITB2012AMS D2T2
HITB Amsterdam 2012
October 22, 2012
CXML and VXML languages are used to power IVR applications. IVR systems are often seen in phone banking, call center applications, and other auto-attendant systems. These devices are connected to internal networks and databases. Input to these devices is via DTMF and voice, and all the processed data is read out by the system. So any errors triggered by an attacker internally are read out by these machines, and there are many possible attacks on these systems that lead to internal network security compromise. The easiest way to find these bugs is a source code audit of these applications. This talk will demonstrate buggy CXML and VXML programs and security issues.
Tags: Cybersecurity, Risk Management
Shouldn't organization disclose breaches
c0c0n XII
November 21, 2019
c0c0n-XII - Hacking and Cyber Security Briefing [Panel Discussion] Shouldn't Organization disclose breaches - The need for a shared platform
# Moderator: Sunil Varkey, CTO & Security Strategist – Middle East, Africa & Eastern Europe
# Jacxine Fernandes, Group CISO Adani Group
# Rahul Sasi, Founder and CTO, CloudSEK
# KK Chaudhary, Executive Director-IT & IS at LANCO Group
Tags: Cybersecurity, Leadership, Risk Management
Security vulnerabilities in DVB C networks; Hacking Cable TV network
EkoParty 2015
October 15, 2015
DVB-C stands for "Digital Video Broadcasting - Cable" and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became the most widely used transmission system for digital cable television in Europe. Source: http://en.wikipedia.org/wiki/DVB-C

We have been working with a cable TV service provider for the past 1 year. With digital cable TV implementations, the transmitted MPEG streams are encrypted/scrambled and users need a set-top box to de-scramble/decode the streams. Also, service providers can shut down a device remotely (if there is no payment) or even display a custom text message that will scroll on top of a video. This is made possible by middleware servers or application servers that are used to manage the DVB networks. So in our talk, we cover the various attacks we can do on DVB-C infrastructure. That will include the following topics:

1) Security vulnerabilities in DVB-C middleware servers. [Hijacking a TV stream]
2) Implementation bugs in the DVB-C network protocol. [Man in the Middle Attacks]
3) Fuzzing set-top boxes via MPEG streams. [Shutting down set-top boxes]
4) Demo: taking over your cable TV broadcasting.
Tags: Big Data, Cybersecurity
Hacker's Live: A Session by Hacker(s)
DynamicCISO
February 28, 2020
A Session by Hacker. Cybersecurity professionals should create a robust “Defense Mechanism” for a stronger, better, cybersecurity posture.
Tags: Cybersecurity
Art of Hacking
TEDxGCT
July 09, 2016
Hacking has become a very frequent phenomenon. But the extent to which a person can do it legally raises a question for introspection. With the word "privacy" becoming a mockery, the art of white hat hacking has become convenient in day-to-day life. Rahul Sasi's interest in hacking has given him the opportunity to hack a few websites and find a simple backdoor in drone systems. He has found a flaw in the terrestrial cable connections that relay television signals, through which he was able to handle a channel frequency at his own will.
Tags: Cloud, Cybersecurity, Risk Management
Security vulnerabilities in DVB C networks; Hacking Cable TV network
Ekoparty 2015 - Buenos Aires, Argentina
October 27, 2015
DVB-C stands for "Digital Video Broadcasting - Cable" and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became the most widely used transmission system for digital cable television in Europe. Source: http://en.wikipedia.org/wiki/DVB-C

We have been working with a cable TV service provider for the past 1 year. With digital cable TV implementations, the transmitted MPEG streams are encrypted/scrambled and users need a set-top box to de-scramble/decode the streams. Also, service providers can shut down a device remotely (if there is no payment) or even display a custom text message that will scroll on top of a video. This is made possible by middleware servers or application servers that are used to manage the DVB networks. So in our talk, we cover the various attacks we can do on DVB-C infrastructure. That will include the following topics:

1) Security vulnerabilities in DVB-C middleware servers. [Hijacking a TV stream]
2) Implementation bugs in the DVB-C network protocol. [Man in the Middle Attacks]
3) Fuzzing set-top boxes via MPEG streams. [Shutting down set-top boxes]
4) Demo: taking over your cable TV broadcasting.
Tags: Cybersecurity
Static Analysis and Dynamic Instrumentation for Intelligent Exploit Analysis
Hack In The Box Security Conference 2013 - Kuala Lumpur, Malaysia
October 17, 2013
With the rise in the number of targeted attacks against government and private companies, there is a certain requirement for automated exploit analysis and filtering document file formats.
Tags: Cybersecurity