SIPVicious PRO workshop
Introductory workshop: Getting acquainted with SIPVicious PRO
New SIPVicious PRO members are required to participate in a workshop that introduces them to all the concepts and features of the toolset. It also serves to pass on basic knowledge of the security tests that can be performed with the toolset. It is split as follows:
- Overview, why use SIPVicious PRO, why take an offensive security approach in RTC, feature-set
- Learn: practical tutorial with in depth explanations of each security test based on our main tutorial
- The toolset: further in depth explanation for tests not covered in tutorial especially:
- DoS flood tests
- Fuzzing tests
- How to use the non-security utilities within SVPRO
- Automation: introduction to integration with your CI; how exit codes and JSON output is used
- How to request support and debug SVPRO
This workshop has a strong practical element and attendees join a virtual private server set up for the purpose and attack our target system (
demo.sipvicious.pro) during the practical parts of the workshop. These tests are done on platforms that controlled by Enable Security, the requirements for the attendees are minimal.
Requirements and limitations
- knowledge of SIP and RTP protocols, familiarity with VoIP
- normal usage of SSH and Linux
- maximum number of attendees per session is 15.
The workshop takes 4 hours in total and costs 800 EUR.