Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP

Published on May 24, 2016 in , ,

On the presentation

Last week I had the pleasure of presenting something new at Kamailio World 2016. Great community and excellent feedback!

The presentation went through the following:

  • How and why SIPVicious was originally written and published
  • Those strange emails and phone calls asking for special version ;-)
  • RIPE’s 1.1.1.0/24 experiment and how it was interesting in terms of SIP security
  • Sality pushing modified versions of SIPVicious
  • Attackers making use of insecure Tandberg systems to install SIPVicious
  • SVCrash - why it was published and how it worked
  • Security updates from the VoIP and PBX industry
  • Rewriting SIPVicious (various fails)
  • What happened since then and what I’ve been using during VoIP pentests that involve SIP
  • 2016, yet another rewrite on the way
  • New features in this latest rewrite attempt and how they show some important security issues

Some parts were sped up due to the limited time that I had for my presentation, but I think the main points were delivered. If you missed the conference, you can watch the video on Youtube.

T-shirts, mugs, hoodies and fluffy pillows

Oh and about those t-shirts - just published the new SIPVicious mascot design, gave away some swag and they ran out within minutes. So I decided to make it available to anyone who needs to have the friendly-scanner punk all to him or herself! Check out the Spreadshirt shop here.

*Note to Finanzamt and any related entities:
I have removed any commission so that I get no financial profit out of this. Zero. Nil. *


Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.