Corporate voice network, also known as Voice over IP (VoIP) network, turns out to be an interesting target for those looking for confidential and private information. In my experience though, this target is often underestimated both by intruders or ethical hackers during their engagement, but also by company security officers.
In this article, I will go through a very practical case, using some well known tools to demonstrate the potential lack of security on VoIP networks. I’ll explain, step by step, how I’ve been using these tools, sometimes not exactly how they’re supposed to be used but that’s just how I managed to make it work altogether.
This example focuses on a specific VoIP technical environment and setup, and serves the only purpose of raising awareness on how easy it is to hack VoIP communications.