Posts

• Abusing SIP for Cross-Site Scripting? Most definitely!

  Published Jun 10, 2021

• SIPVicious OSS v0.3.4 released with exit codes and automation features

  Published Jun 2, 2021

• DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO

  Published May 25, 2021

• SIPVicious PRO 6.0.0-beta.4 getting close to take-off!

  Published May 20, 2021

• TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server

  Published May 18, 2021

• OpenSIPIt'01: Lessons learned, STIR/SHAKEN security testing and RFC 8760

  Published Apr 16, 2021

• SIPVicious OSS 0.3.3 released with new STDIN and target URL specification

  Published Mar 25, 2021

• Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution

  Published Mar 16, 2021

• VoIPmonitor advisories: buffer overflow leading to RCE + XSS vulnerabilities

  Published Mar 15, 2021

• SIPVicious OSS 0.3.2 released with more IPv6 goodness!

  Published Mar 3, 2021

• Communication Breakdown / rtcsec also on FreeRTC and SIP Planet

  Published Feb 12, 2021

• SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs

  Published Feb 9, 2021

• Details about CVE-2020-26262, bypass of Coturn's default access control protection

  Published Jan 11, 2021

• Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing

  Published Jan 5, 2021

• SIPVicious PRO beta release contains SIP fuzzer and better automation

  Published Dec 3, 2020

• How doing QA testing for SIPVicious PRO led to an Asterisk DoS

  Published Nov 10, 2020

• ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak

  Published Oct 16, 2020

• RTC Security chat at Kamailio World Online with Daniel and Olle

  Published Oct 5, 2020

• The great Kamailio security debate and some misconceptions debunked

  Published Sep 22, 2020

• Smuggling SIP headers past Session Border Controllers FTW!

  Published Sep 1, 2020

• Kamailio World Online SIP and VoIP Security Panel

  Published Aug 27, 2020

• Bug bounty bout report 0x01 - WebRTC edition

  Published Jun 16, 2020

• Attacking a real VoIP System with SIPVicious OSS

  Published Jun 8, 2020

• SIPVicious PRO v6.0.0 alpha.5 available to our clients

  Published Jun 3, 2020

• A gentle introduction to caller ID spoofing

  Published May 7, 2020

• Awesome RTC hacking list published on Github

  Published Apr 29, 2020

• Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

  Published Apr 20, 2020

• How we abused Slack's TURN servers to gain access to internal services

  Published Apr 6, 2020

• What's up with SIPVicious PRO?

  Published Mar 30, 2020

• SIPVicious OSS 0.3.0 released

  Published Mar 10, 2020

• Fuzzing PJSIP and chan_skinny, vulnerability information and advisories

  Published May 23, 2017

• New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP

  Published May 24, 2016

• Time flies! A summary of updates for the past few years and Kamailio World!

  Published May 13, 2016

• If SIPVicious gives you a ring...

  Published Dec 10, 2012

• SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

  Published Feb 22, 2012

• Asterisk forensics: the logs vs the attackers

  Published Jan 2, 2012

• VOIPPACK updated to v1.4

  Published Jan 25, 2011

• 11 million Euro loss in VoIP fraud .. and my VoIP logs

  Published Dec 14, 2010

• Distributed SIP scanning during Halloween weekend

  Published Nov 4, 2010

• AstriCon roundup and vendors adding security features

  Published Oct 29, 2010

• BruCON Training: Module 4, Attacking Unified Communications

  Published Sep 7, 2010

• BruCON Training: Module 3, Attacking the media

  Published Sep 2, 2010

• BruCON Training: Module 2, Attacking signaling protocols

  Published Sep 1, 2010

• BruCON Training: Module 1, An Introduction to ...

  Published Aug 31, 2010

• BruCON Training: A crashcourse in pentesting VOIP networks (update)

  Published Aug 30, 2010

• New beta of VIPER VAST released 2.76

  Published Jul 21, 2010

• How to crash SIPVicious - introducing svcrash.py

  Published Jun 22, 2010

• A crashcourse in pentesting VOIP networks at BruCON 2010

  Published Jun 8, 2010

• Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge

  Published Jun 1, 2010

• New tool in the works: TFTPTheft

  Published May 28, 2010

• SIPVicious 0.2.5 out

  Published May 19, 2010

• RTP Traffic to 1.1.1.1

  Published Feb 3, 2010

• On breaking phonecall encryption and publishing fake research

  Published Feb 1, 2010

• Getting phonecalls during the middle of the night on your Asterisk server?

  Published Dec 10, 2009

• VIPER VAST includes SIPVicious

  Published Oct 5, 2009

• VoIP security workshop at BruCON 2009

  Published Sep 17, 2009

• SEC-T in Sweden and SIPVicious update in svn

  Published Sep 7, 2009

• HARrrr - Hacking at random

  Published Aug 13, 2009

• How law enforcement sees VoIP

  Published Jul 27, 2009

• Scan your public facing PBX with VOIPSCANNER.com

  Published Jul 17, 2009

• Scanning the Intertubes for VoIP at CONFidence

  Published May 10, 2009

• Troopers09 & IAX2 support

  Published Apr 15, 2009

• SaaS VoIP Security Scanning with VOIPSCANNER.com

  Published Apr 7, 2009

• VoIPScanner, SIP Digest Leak tutorial and more!

  Published Apr 1, 2009

• How to set up a VoIP lab

  Published Mar 24, 2009

• Late March updates

  Published Mar 17, 2009

• How to identify Asterisk servers and upload MOSDEF on AsteriskNOW

  Published Feb 18, 2009

• Phone phreaks are now using call forwarding features to make free phonecalls!

  Published Jan 21, 2009

• VOIPPACK released

  Published Jan 6, 2009

• VOIP Scanning on the increase

  Published Jan 6, 2009

• Introducing EnableSecurity VoIPPack

  Published Dec 13, 2008

• Off to RSA Europe 2008

  Published Oct 26, 2008

• Analysis of a VoIP Attack

  Published Oct 24, 2008

• Upcoming changes in SIPVicious

  Published Sep 9, 2008

• Homeland Security Dept's PBX hacked?

  Published Aug 21, 2008

• Surf Jack - HTTPS will not save you

  Published Aug 11, 2008

• New SIPVicious release 0.2.4

  Published Aug 10, 2008

• Backtrack 3 out - with VoIP security tools

  Published Jun 20, 2008

• Ladies and Gentlemen please welcome..

  Published Jun 17, 2008

• SIPVicious tools roadmap

  Published Jun 11, 2008

• SIPVicious version 0.2.3 with fingerprinting and dns goodies

  Published Jun 3, 2008

• VoIP and identity fraud on the BBC

  Published May 15, 2008

• Defcon 15 videos - VoIP related talks

  Published May 2, 2008

• OSSEC v1.5 now has builtin Asterisk rules

  Published May 2, 2008

• Infosec Europe 2008

  Published Apr 22, 2008

• New instructional videos and articles

  Published Apr 20, 2008

• Storming SIP Security - now available just a click away

  Published Apr 1, 2008

• Blackhat Europe Briefings Day 2

  Published Mar 29, 2008

• Blackhat Europe Briefings Day 1

  Published Mar 28, 2008

• Blackhat Europe && Twitter

  Published Mar 27, 2008

• Blackhat Europe

  Published Mar 23, 2008

• SIPVicious tool suite on Backtrack 3 beta

  Published Mar 21, 2008

• Using OSSEC to detect attacks on an Asterisk box

  Published Mar 15, 2008

• Swatters using VoIP to spoof caller id

  Published Mar 14, 2008

• Storming SIP Security

  Published Feb 22, 2008

• Detecting SIP attacks with Snort

  Published Feb 17, 2008

• SIP, TLS and Asterisk 1.6

  Published Feb 8, 2008

• Most popular topics on SIPVicious blog

  Published Feb 4, 2008

• SIP Fingerprinting in SVN

  Published Jan 27, 2008

• Call Jacking: Phreaking the BT home hub

  Published Jan 21, 2008

• Vishing alarming rise

  Published Jan 21, 2008

• VoIP Security Vulnerabilities - a SANS GIAC paper

  Published Jan 11, 2008

• 24c3 quick roundup

  Published Dec 31, 2007

• 24c3 photos

  Published Dec 28, 2007

• Whats brewing on the SIPVicious front

  Published Dec 19, 2007

• Password policies for PBX servers

  Published Dec 11, 2007

• 24C3 coming up

  Published Dec 1, 2007

• introduction to svcrack

  Published Nov 29, 2007

• SIPtap and tapping phone calls

  Published Nov 24, 2007

• its the end of the world as we know it

  Published Nov 21, 2007

• introduction to svmap

  Published Nov 20, 2007

• SIPVicious version 0.2.1 released

  Published Nov 7, 2007

• re-INVITE and authentication

  Published Nov 5, 2007

• SIPVicious 0.2.1 public beta

  Published Nov 3, 2007

• More on INVITEing phones to ring

  Published Oct 30, 2007

• how (not) to get your ex back

  Published Oct 30, 2007

• Server impersonation and SIP

  Published Oct 28, 2007

• How to get the job done - a short story

  Published Oct 23, 2007

• tshirts and mugs!

  Published Oct 20, 2007

• Wiki updates

  Published Oct 18, 2007

• Bluebox podcast mentions SIPVicious

  Published Oct 13, 2007

• XSS in Linksys SPA941

  Published Oct 12, 2007

• On reporting bugs and recent bug fixes

  Published Oct 11, 2007

• SIPVicious 0.2 released

  Published Oct 8, 2007

• Ladies and Gentlemen, please welcome

  Published Oct 6, 2007

• SIPVicious tools 0.1.9 .. aka 0.2 beta

  Published Oct 3, 2007

• A SIP Introduction

  Published Sep 27, 2007

• Another interview with Robert Moore

  Published Sep 26, 2007

• MediaDefender Phone Call was over VoIP

  Published Sep 18, 2007

• Microsoft VoIP As You Are

  Published Sep 18, 2007

• SIPVicious tools in the works

  Published Sep 11, 2007

• SIP Security with Cullen Jennings of IETF and Cisco

  Published Sep 8, 2007

• Security Analysis of Voice-over-IP Protocols

  Published Sep 7, 2007

• VoIP security related blogs

  Published Aug 30, 2007

• How to turn a Grandstream SIP phone into a remote bug

  Published Aug 24, 2007

• Updates to SIPVicious tools

  Published Aug 24, 2007

• Cisco IP Phone 7940 exploits

  Published Aug 22, 2007

• SIP softphone buffer overflow demo

  Published Aug 8, 2007

• Interview with a VoIP hacker

  Published Aug 3, 2007

• SIPVicious tools for auditing SIP devices

  Published Jul 29, 2007

• SIPVicious launched

  Published Jul 29, 2007