sip security

• Abusing SIP for Cross-Site Scripting? Most definitely!

  Published Jun 10, 2021

• SIPVicious OSS v0.3.4 released with exit codes and automation features

  Published Jun 2, 2021

• DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO

  Published May 25, 2021

• SIPVicious PRO 6.0.0-beta.4 getting close to take-off!

  Published May 20, 2021

• TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server

  Published May 18, 2021

• SIPVicious OSS 0.3.3 released with new STDIN and target URL specification

  Published Mar 25, 2021

• Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution

  Published Mar 16, 2021

• SIPVicious OSS 0.3.2 released with more IPv6 goodness!

  Published Mar 3, 2021

• SIPVicious PRO 6.0.0-beta.2 takes STDIN and fixes various bugs

  Published Feb 9, 2021

• Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing

  Published Jan 5, 2021

• SIPVicious PRO beta release contains SIP fuzzer and better automation

  Published Dec 3, 2020

• How doing QA testing for SIPVicious PRO led to an Asterisk DoS

  Published Nov 10, 2020

• ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak

  Published Oct 16, 2020

• The great Kamailio security debate and some misconceptions debunked

  Published Sep 22, 2020

• Smuggling SIP headers past Session Border Controllers FTW!

  Published Sep 1, 2020

• Kamailio World Online SIP and VoIP Security Panel

  Published Aug 27, 2020

• Attacking a real VoIP System with SIPVicious OSS

  Published Jun 8, 2020

• A gentle introduction to caller ID spoofing

  Published May 7, 2020

• Fuzzing PJSIP and chan_skinny, vulnerability information and advisories

  Published May 23, 2017

• New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP

  Published May 24, 2016

• Time flies! A summary of updates for the past few years and Kamailio World!

  Published May 13, 2016

• If SIPVicious gives you a ring...

  Published Dec 10, 2012

• SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

  Published Feb 22, 2012

• VOIPPACK updated to v1.4

  Published Jan 25, 2011

• Distributed SIP scanning during Halloween weekend

  Published Nov 4, 2010

• AstriCon roundup and vendors adding security features

  Published Oct 29, 2010

• SIPVicious 0.2.5 out

  Published May 19, 2010

• RTP Traffic to 1.1.1.1

  Published Feb 3, 2010

• Getting phonecalls during the middle of the night on your Asterisk server?

  Published Dec 10, 2009

• VoIP security workshop at BruCON 2009

  Published Sep 17, 2009

• SEC-T in Sweden and SIPVicious update in svn

  Published Sep 7, 2009

• VoIPScanner, SIP Digest Leak tutorial and more!

  Published Apr 1, 2009

• How to set up a VoIP lab

  Published Mar 24, 2009

• Late March updates

  Published Mar 17, 2009

• VOIPPACK released

  Published Jan 6, 2009

• SIPVicious version 0.2.3 with fingerprinting and dns goodies

  Published Jun 3, 2008

• Defcon 15 videos - VoIP related talks

  Published May 2, 2008

• Storming SIP Security - now available just a click away

  Published Apr 1, 2008

• Storming SIP Security

  Published Feb 22, 2008

• Detecting SIP attacks with Snort

  Published Feb 17, 2008

• SIP, TLS and Asterisk 1.6

  Published Feb 8, 2008

• SIP Fingerprinting in SVN

  Published Jan 27, 2008

• introduction to svcrack

  Published Nov 29, 2007

• SIPtap and tapping phone calls

  Published Nov 24, 2007

• its the end of the world as we know it

  Published Nov 21, 2007

• introduction to svmap

  Published Nov 20, 2007

• SIPVicious version 0.2.1 released

  Published Nov 7, 2007

• re-INVITE and authentication

  Published Nov 5, 2007

• More on INVITEing phones to ring

  Published Oct 30, 2007

• how (not) to get your ex back

  Published Oct 30, 2007

• Wiki updates

  Published Oct 18, 2007

• Bluebox podcast mentions SIPVicious

  Published Oct 13, 2007

• XSS in Linksys SPA941

  Published Oct 12, 2007

• SIPVicious 0.2 released

  Published Oct 8, 2007

• A SIP Introduction

  Published Sep 27, 2007

• Microsoft VoIP As You Are

  Published Sep 18, 2007

• SIPVicious tools in the works

  Published Sep 11, 2007

• SIP Security with Cullen Jennings of IETF and Cisco

  Published Sep 8, 2007

• How to turn a Grandstream SIP phone into a remote bug

  Published Aug 24, 2007

• Updates to SIPVicious tools

  Published Aug 24, 2007

• SIPVicious tools for auditing SIP devices

  Published Jul 29, 2007