Tags › voip security
Scanning the Intertubes for VoIP at CONFidence
Published on May 10, 2009 in conferences, trainings, voip security
As I’m writing, plans are being made for my trip to Krakow, Poland for AppSecEU09 (OWASP) and CONFidence. Will be presenting at CONFidence on VoIP security and how it translates to the Internet. It will consist of a sample of the threats that exist out there and are or may be exploited by would be criminals. What this means is that I’ll be describing a healthy dose of SIP and IAX2 abuse together with various live and recorded demos.…
Read more »Troopers09 & IAX2 support
Published on Apr 15, 2009 in voip security, conferences, asterisk
I will be co-presenting in Munich together with Wendel on Web Application Firewall insecurities and dropping some new tools. If any readers are going to be around the area for Troopers09 next week, drop me a note. Beer is mostly welcome. My Twitter account will probably be getting a few updates ;-) As a sidenote.. VOIPPACK now gets IAX2 support, with 3 additional tools. Most notable is IAX2autohack which is very similar to sipautohack but for the Asterisk protocol.…
Read more »SaaS VoIP Security Scanning with VOIPSCANNER.com
Published on Apr 7, 2009 in voip security, security tools
Apply for a beta code now while its still hot! What is VOIPSCANNER.com? VOIPSCANNER.COM makes scanning your public facing IP PBX for security holes easier than ever. No need for desktop applications or any software installation, just enter the IP address of your IP PBX and you will receive a report of what attackers out there might find about your IP PBX. beta.voipscanner.com demo from Sandro Gauci on Vimeo.…
Read more »How to set up a VoIP lab
Published on Mar 24, 2009 in voip security, sip security
Just published a tutorial called “How to set up a VoIP lab” which provides easy step-by-step instructions on how to get a VoIP lab up and running. Abstract: Have you been wondering about what sort of security vulnerabilities apply to the VoIP network that’s coming up in your next assignment but have no equipment to test on yet? Truth is that most of the times there is no need for a lot of expensive hardware to setup a basic lab for testing VoIP security.…
Read more »How to identify Asterisk servers and upload MOSDEF on AsteriskNOW
Published on Feb 18, 2009 in asterisk, voip security
Originally posted this on EnableSecurity’s blog but cross posting since not everyone is subscribed. IAX2Scan and AsteriskNOW_Exec - security testing for Asterisk from Sandro Gauci on Vimeo.…
Read more »VOIP Scanning on the increase
Published on Jan 6, 2009 in voip security, sipvicious oss, security tools, cyber crime
Various service providers and vendors have noticed an increase in VoIP scanning traffic. Arbor Networks mentioned VoIP attacks as one of their increasing concerns. A Norwegian honeynet detected various INVITE requests trying to get VoIP systems on the internet to dial specific numbers. This scan is for open VOIP relays. VoIP attacks are nothing new really and some people in the telco-fraud business seem to have been around for quite a while.…
Read more »Analysis of a VoIP Attack
Published on Oct 24, 2008 in voip security, cyber crime
Klaus Darilion published an interesting paper explaining what happened to German VoIP users and how to mitigate. I suggest that you read this one. Looks like attacks are becoming more and more widespread / mainstream.…
Read more »Ladies and Gentlemen please welcome..
Published on Jun 17, 2008 in voip security, website news
EnableSecurity! I will be publishing my security research and rants as well as providing Security Consultancy, Research and Design. A brief “who am I” can be seen at the Linkedin Profile page, while Google has further details. So what sort of things am I doing? Wireless security auditing Web Application Security VoIP security research Reverse Engineering I’ll continue developing SIPVicious and publish additional tools to help security professionals get the job done.…
Read more »New instructional videos and articles
Published on Apr 20, 2008 in voip security
Archangel Amael posted two new videos related to SIPVicious: Setting up a Vmware image of trixbox Abusing VOIP Networks On his blog you’ll also find a tutorial on setting up trixbox for testing, which is a companion to one of the videos.…
Read more »Storming SIP Security - now available just a click away
Published on Apr 1, 2008 in sip security, voip security
Time to release the hakin9 article to the public. This article was first released in the February editionof the English hakin9 magazine. Download now (takes you to EnableSecurity). Added: The listings can be found here. Thanks for Chris Gates for noticing that I forgot to include the listings.…
Read more »