
Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!


Hunting PBX for Vulnerabilities

Sachin Wagh & Himanshu Mehta


It’s always exciting to know how hackers are finding new ways to gain access to your organization. A Private Branch Exchange (PBX) is an essential component that supports the critical functions of your organization. Protection of the PBX is thus a high priority.

Our talk will include the following categories and demonstrations:

- Information Gathering
- Internet connected PBX and gaining access
- Password Security
- Caller ID Spoofing
- Softphone Security
- Vulnerabilities
- Impact
- Mitigation

Failing to protect your PBX can expose your organization to loss of confidential information or financial damage. Most organizations that have implemented a PBX are either unaware of its security issues or ignore them. The real key to effective security is to keep ourselves always updated. Once you understand the threat, you are in a much better position to deploy security effectively.


Sachin Wagh has over four years of experience in penetration testing, vulnerability assessment and network security. He is an independent security researcher who has executed a number of external and internal vulnerability assessments and penetration testing activities. He has acquired several certifications, such as CEH and ECSA. He has been acknowledged by Google, Microsoft, eBay, Nokia, Intel, F-Secure, Tesla and many more for reporting security vulnerabilities. He has multiple CVEs and BIDs under his name for reporting vulnerabilities in various products. Some of the CVEs reported by him are CVE-2018-3812, CVE-2017-6517, CVE-2017-9542, and CVE-2016-6592. He presented his security research paper at Hakon & National Cyber Security Conference. Currently, he is working as a security analyst at Symantec.


Himanshu Mehta is passionate about computer security, and for this reason he actively and responsibly discloses security vulnerabilities to vendors. He is also involved in several bug bounty and Capture the Flag programs. As an advisory board member of EC-Council’s Licensed Penetration Tester group, he actively contributes to making security certification more challenging and interesting. He is also a board member at Convet.it, contributing to the discussion "Future of Cyber Security in Transforming Businesses". He has been invited as Chief Guest for several security events and presented his security research paper at Hakon & National Cyber Security Conference.