VoIP Technical Surveillance Countermeasures

The traditional technical surveillance countermeasures (TSCM) telephony approach has been disrupted by the advent of VoIP instruments and infrastructure. How does an investigator examine an instrument that is both susceptible to traditional, telephony based attack vectors and also vulnerable to new, cutting edge, IP based needs o be validated in the application layer? How does one begin to to understand an instrument that is a fully capable computer, network switch, web server, and voice transmission device?

The purpose of this course is to provide a framework by which the technical investigator can develop a comprehensive plan for examining VoIP instrumentation, servers, and infrastructure. Students will analyze infrastructure in order to determine the difference between a normal and compromised state. Through exercises, labs, and challenges this class hones an investigator’s judgment to perform the critical analysis needed to overcome the adversary’s arsenal of attacks.

Students will receive:

  • USB Drive with all Materials
  • Headphones
  • Student Manual
  • Tool Bag
  • RTPi Kit
  • PoE Tester Gen2
  • AT6-4 Adapter
  • Precision Electrical Probes
  • GigaCure
  • Network Tap v.2



Huntsville, AL




5 days

Class Min/Max

3-12 Students



Day 01

VoIP Review
TSCM Execution
Packet Analysis Labs
PBX Examination

Day 02

Phone Programming
Signal Search Review
The GigaCure

Day 03

TALAN Manual Tests
Improvised Attacks
Equipment Modifications

Day 04

Lab 1: Instruments
Lab 2: Infrastructure
Lab Review

Day 05

Lab 3: VoIP Gauntlet
Gauntlet Review
RTPi Kit Build

Scroll to Top