SlideShare a Scribd company logo

VoIP Wars: The Phreakers Awaken

Fatih Ozavci
Fatih Ozavci

This document discusses vulnerabilities in voice over IP (VoIP) and unified communications systems. It begins by introducing the speaker and their background in VoIP security. It then outlines various attack vectors such as exploiting vulnerabilities in signaling protocols, message content, and unified messaging features to inject malicious content or execute code. The document emphasizes that securing UC involves more than just securing VoIP, and recommends approaches like secure infrastructure design, authentication, and client protection to help secure these systems.

Technology
1 of 42
Download to read offline
VOIP WARS: THE PHREAKERS AWAKEN Fatih Ozavci – @fozavci Managing Consultant – Context Information Security
2 Fatih Ozavci, Managing Consultant VoIP & phreaking Mobile applications and devices Network infrastructure CPE, hardware and IoT hacking Author of Viproy and VoIP Wars Public speaker and trainer  Blackhat, Defcon, HITB, AusCert, Troopers
3 Fundamentals Design Vulnerabilities Practical UC Attacks UC and IMS fundamentals Security issues and vulnerabilities Practical attacks Securing communication services
4 Audio Call TDM Alice Bob
5 Alice Signalling Media RTP Proxy SIP Server Bob
6 Alice Signalling Media RTP Proxy SIP Server Bob
7 Alice Signalling Media RTP Proxy SIP Server Bob
8 1- REGISTER 1- 200 OK 2- INVITE SDP/XML 2- 100 Trying 3- INVITE SDP/XML 3- 200 OK SDP/XML 4- ACK RTP RTP 4- 200 OK SDP/XML SIP Server Phone A Phone BRTP Proxy RTP Proxy RTP SIP Headers • Caller ID • Billing SIP Content • SDP • Enc. Keys RTP Content • Audio/Video • File sharing • RDP
9
10
11 VoIP Server Windows Server Office Server Active Directory Virtual Machines 1 2 ABC 3 DEF 4 5 JKL 6 MNOGHI 7 8 TUV 9 WXYZPQRS * 0 OPER # ? + - CISCO IP PHONE 7970 SERIES
12 SIP & Media Server Database Server Tenant Services Management Applications Client Applications PBX Shared Services 1 2 ABC 3 DEF 4 5 JKL 6 MNOGHI 7 8 TUV 9 WXYZPQRS * 0 OPER # ? + - CISCO IP PHONE 7970 SERIES
13 Edge Server sky.com Edge Server kenobi.com DNS Server DNS / SRV DNS / SRV SIP / RTP Kenobi Corp Phone X x@kenobi.com VoIP Server Windows Server Office Server Active Directory Virtual Machines Phone A a@sky.com Skywalker Corp Phone B b@sky.com Phone C c@sky.com
14 Call Session Control Function (P-CSCF, S-CSCF, I-CSCF) VoLTE/LTE Infrastructure Mobile Subscribers UC/VoIP Subscribers Session Border Controller (SBC) Session Border Controller (SBC) ACCESS NETWORK ACCESS NETWORKCORE NETWORK Application Server (AS) Home Subscriber Server (HSS) Media Resource Function MRFC / MRFP
15 Inter-vendor security issues INSUFFICIENT client management Missing client monitoring Missing software updates NO SIP/SDP or message filtering Centralised attack deployment Internal trust relationships Meeting and conferencing options Flexible collaboration options
16 Content transferred to clients SIP/SDP content (e.g. format, codecs) Rich messaging (e.g. rtf, html, audio) Unified messaging Injecting files, XSS, phishing, RCE File transfers, embedded content Communication subsystem Call or SIP headers Rarely secured protocols (e.g. MSRP)
17 Engage through a first contact point UC messaging, conference invitation, courtesy phones Combine old and new techniques Use UC for malicious activities (e.g. MS-RTASPF)
18 Red Teaming Exercises Courtesy phones, conference rooms, media gateways Human Factor Testing Vishing, smishing, instant messaging, UC exploits Infrastructure Analysis Toll fraud, caller ID spoofing, TDoS/DDoS Application Security Assessments Management portals, self-care portals WebRTC, VoIP/UC apps, IVR software
19 Service requirements Cloud, subscriber services, IMS Billing, recordings, CDR, encryption Trusted servers and gateways SIP proxies, federations, SBCs SIP headers used (e.g. ID, billing) Tele/Video conference settings Analyse the encryption design SIP/(M)TLS, SRTP (SDES, ZRTP, MIKEY)
20 SIP header analysis  Caller ID spoofing, billing bypass Communication types allowed  File transfer, RDP, MSRP, teleconference Message content-types allowed  XSS, corrupted RTF, HTML5, images Conference and collaboration Fuzzing clients and servers  SIP headers, SDP content, file types  Combine with known attacks
21 Attacks with NO user interaction Calls with caller ID spoofing Fake IVR, social engineering Messages with caller ID spoofing Smishing (e.g. fake software update) Injected XSS, file-type exploits Bogus content-types or messages Meetings, multi-callee events Attacking infrastructure Raspberry PI with PoE, Eavesdropping
22 Unified Communication Solutions  Cisco Hosted Collaboration Suite  Microsoft Skype for Business (a.k.a Lync)  Free software (e.g. Kamalio, OpenIMS)  Other vendors (Avaya, Alcatel, Huawei) Attacking through  Signalling services  Messaging, voicemail and conference system  Cloud management and billing  Authorisation scheme  Client services (self-care, IP phone services)
23 Vulnerable CPE Credential extraction Attacking through embedded devices Insecurely located distributors Hardware hacking, eavesdropping SIP header and manipulation for Toll Fraud Attacking legacy systems (e.g. Nortel?) Voicemail hijacking
24 Analysing encryption design Implementation (e.g. SRTP, SIP/TLS) Inter-vendor SRTP key exchange Privacy and PCI compliance Network segregation IVR recordings (e.g. RTP events) Eavesdropping Call recordings security
25 Inter-vendor services design Network and service segregation *CSCF locations, SBC services used VoLTE design, application services SIP headers are very sensitive Internal trust relationships Filtered/Ignored SIP headers Caller ID spoofing, Billing bypass Encryption design (SIP, SRTP, MSRP)
26 Viproy VoIP Penetration Testing Kit (v4) VoIP modules for Metasploit Framework SIP, Skinny and MSRP services SIP authentication, fuzzing, business logic tests Cisco CUCDM exploits, trust analyser... Viproxy MITM Security Analyser (v3) A standalone Metasploit Framework module Supports TCP/TLS interception with custom TLS certs Provides a command console to analyse custom protocols
27 Cloud communications SIP header tests, caller ID spoofing, Billing bypass, hijacking IP phones Signalling services Attacking tools for SIP and Skinny Advanced SIP attacks  Proxy bounce, SIP trust hacking  Custom headers, custom message-types UC tests w/ Viproxy + Real Client
28 SIGNALLING / MESSAGING • SDP / XML • SIP Headers • XMPP • MSRP CONTENT • Message types (HTML, RTF, Docs) • File types (Docs, Codecs) • Caller ID Spoofing • DoS / TDoS / Robocalls, Smishing FORWARDED REQUESTS • Call Settings • Message Content NO USER INTERACTION • Call request parsing • Message content parsing • 3rd party libraries reachable
29
31 Unified Messaging Message types (e.g. rtf, html, images) Message content (e.g. JavaScript) File transfers and sharing features Code or script execution (e.g. SFB) Encoding (e.g. Base64, Charset) Various protocols MSRP, XMPP, SIP/MESSAGE Combining other attacks
32 MANIPULATE SIP CONTENT INJECT MALICIOUS SUBJECTS SEND PHISHING MESSAGES Skype for Business Attacker’s Client Viproxy Interactive Console HACME 1 HACME 2 HACME 3 Attacker’s Client TLS / Proxy Certificate Compression Console Enabling Features Content Injection Security Bypass
34 UC content forwarded to UC clients (NO interaction) SIP INVITE headers Message content SIP/SDP content Office 365 Federations *MS15-123 Skype for Business Attacker’s Client Viproxy Skype for Business Server Changed Request Forwarded Request Call Request
35 URL filter bypass via JavaScript <script>var u1="ht"; u2="tp"; u3="://";o="w"; k="."; i=""; u4=i.concat(o,o,o,k); window.location=u1+u2+u3+u4+"viproy.com"</script> Script execution via SIP messages <script>window.location="viproy.com"</script> Script execution via SIP headers Ms-IM-Format: text/html; charset=UTF-8; ms- body=PHNjcmlwdD53aW5kb3cubG9jYXRpb249Imh0dHA6Ly93d3cudmlwc m95LmNvbSI8L3NjcmlwdD4=
36 Attacking through a PBX or proxy Sending a meeting request Using a CUSTOM SIP header Waiting for the shells Viproy Skype for Business Server SIP PBX Server Forwarded Meeting Request Meeting Request (Attack in SIP headers) PRIVATE NETWORK Forwarded Requests
38 Secure design Enforce security via SBCs Messaging, SIP headers, meetings… Enforce authentication Secure inter-vendor configuration Protect the legacy systems Protect the clients
39 Securing Unified Communications (UC) is NOT just securing VoIP. Brace yourselves, VoIP/UC are attacks are coming. #TaylorYourCommunicationSecurity !
40 Viproy VoIP Penetration Testing Kit http://www.viproy.com Context Information Security http://www.contextis.com
QUESTIONS?
THANKS!

Recommended

Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Presentation f5 – beyond load balancer
Presentation f5 – beyond load balancerPresentation f5 – beyond load balancer
Presentation f5 – beyond load balancerxKinAnx
 
Big ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsBig ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsUtpal Sinha
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 

Recommended

Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Presentation f5 – beyond load balancer
Presentation f5 – beyond load balancerPresentation f5 – beyond load balancer
Presentation f5 – beyond load balancerxKinAnx
 
Big ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsBig ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsUtpal Sinha
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 
BGA Pentest Hizmeti
BGA Pentest HizmetiBGA Pentest Hizmeti
BGA Pentest HizmetiBGA Cyber Security
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBGA Cyber Security
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM GüvenliğiDDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM GüvenliğiBGA Cyber Security
 
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriDNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriBGA Cyber Security
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hackingarushi bhatnagar
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
Port Scanning
Port ScanningPort Scanning
Port Scanningamiable_indian
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA FirewallsBryley Systems Inc.
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanLior Rotkovitch
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Log Yönetimi ve Saldırı Analizi Eğitimi - 2
Log Yönetimi ve Saldırı Analizi Eğitimi - 2Log Yönetimi ve Saldırı Analizi Eğitimi - 2
Log Yönetimi ve Saldırı Analizi Eğitimi - 2BGA Cyber Security
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12BGA Cyber Security
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005 Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005 ir. Carmelo Zaccone
 
Take a sip of sip
Take a sip of sipTake a sip of sip
Take a sip of sipLuxoftTraining
 

More Related Content

What's hot

Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBGA Cyber Security
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM GüvenliğiDDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM GüvenliğiBGA Cyber Security
 
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriDNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriBGA Cyber Security
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanLior Rotkovitch
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Log Yönetimi ve Saldırı Analizi Eğitimi - 2
Log Yönetimi ve Saldırı Analizi Eğitimi - 2Log Yönetimi ve Saldırı Analizi Eğitimi - 2
Log Yönetimi ve Saldırı Analizi Eğitimi - 2BGA Cyber Security
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12BGA Cyber Security
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 

What's hot (20)

BGA Pentest Hizmeti
BGA Pentest HizmetiBGA Pentest Hizmeti
BGA Pentest Hizmeti
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
 
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM GüvenliğiDDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
DDoS Saldırıları ve Korunma Yöntemleri ile E-posta ve ATM Güvenliği
 
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriDNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Port scanning
Port scanningPort scanning
Port scanning
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Log Yönetimi ve Saldırı Analizi Eğitimi - 2
Log Yönetimi ve Saldırı Analizi Eğitimi - 2Log Yönetimi ve Saldırı Analizi Eğitimi - 2
Log Yönetimi ve Saldırı Analizi Eğitimi - 2
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 10, 11, 12
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 

Similar to VoIP Wars: The Phreakers Awaken

Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005 Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005 ir. Carmelo Zaccone
 
Tlc 004 - take a sip of sip
Tlc 004 - take a sip of sipTlc 004 - take a sip of sip
Tlc 004 - take a sip of sipAnna Volynkina
 
Security Issues In Voip
Security Issues In VoipSecurity Issues In Voip
Security Issues In VoipWaqas Daar
 
OST Market - Hybrid Case Histories
OST Market - Hybrid Case HistoriesOST Market - Hybrid Case Histories
OST Market - Hybrid Case HistoriesRoberto Galoppini
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
Expocomm VoIP Presentation
Expocomm VoIP PresentationExpocomm VoIP Presentation
Expocomm VoIP Presentationdiego gosmar
 
Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)SI3D systems
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
Privacy Enhanced RTP Conferencing with WebRTC - PERC
Privacy Enhanced RTP Conferencing with WebRTC - PERCPrivacy Enhanced RTP Conferencing with WebRTC - PERC
Privacy Enhanced RTP Conferencing with WebRTC - PERCArnaud BUDKIEWICZ
 
Understanding VoIP - 1
Understanding VoIP - 1Understanding VoIP - 1
Understanding VoIP - 1Adebayo Ojo
 
Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Carl Ford
 
Current trends and innovations in voice over IP
Current trends and innovations in voice over IPCurrent trends and innovations in voice over IP
Current trends and innovations in voice over IPALTANAI BISHT
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
SIP servers on embedded systems: Powering SoHo communications
SIP servers on embedded systems: Powering SoHo communicationsSIP servers on embedded systems: Powering SoHo communications
SIP servers on embedded systems: Powering SoHo communicationsRADVISION Ltd.
 
Audiocodes, Plantronics Cisco
Audiocodes, Plantronics CiscoAudiocodes, Plantronics Cisco
Audiocodes, Plantronics CiscoUcpartners.com.au
 

Similar to VoIP Wars: The Phreakers Awaken (20)

Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005 Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005
 
Take a sip of sip
Take a sip of sipTake a sip of sip
Take a sip of sip
 
Tlc 004 - take a sip of sip
Tlc 004 - take a sip of sipTlc 004 - take a sip of sip
Tlc 004 - take a sip of sip
 
Security Issues In Voip
Security Issues In VoipSecurity Issues In Voip
Security Issues In Voip
 
SBC: Do I really need it?
SBC: Do I really need it?SBC: Do I really need it?
SBC: Do I really need it?
 
OST Market - Hybrid Case Histories
OST Market - Hybrid Case HistoriesOST Market - Hybrid Case Histories
OST Market - Hybrid Case Histories
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
Oki Printers, Audiocodes
Oki Printers, AudiocodesOki Printers, Audiocodes
Oki Printers, Audiocodes
 
Yeastar My pbx soho_datasheet_en
Yeastar My pbx soho_datasheet_enYeastar My pbx soho_datasheet_en
Yeastar My pbx soho_datasheet_en
 
Expocomm VoIP Presentation
Expocomm VoIP PresentationExpocomm VoIP Presentation
Expocomm VoIP Presentation
 
Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 
Privacy Enhanced RTP Conferencing with WebRTC - PERC
Privacy Enhanced RTP Conferencing with WebRTC - PERCPrivacy Enhanced RTP Conferencing with WebRTC - PERC
Privacy Enhanced RTP Conferencing with WebRTC - PERC
 
Understanding VoIP - 1
Understanding VoIP - 1Understanding VoIP - 1
Understanding VoIP - 1
 
Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1
 
Current trends and innovations in voice over IP
Current trends and innovations in voice over IPCurrent trends and innovations in voice over IP
Current trends and innovations in voice over IP
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
SIP servers on embedded systems: Powering SoHo communications
SIP servers on embedded systems: Powering SoHo communicationsSIP servers on embedded systems: Powering SoHo communications
SIP servers on embedded systems: Powering SoHo communications
 
Audiocodes, Plantronics Cisco
Audiocodes, Plantronics CiscoAudiocodes, Plantronics Cisco
Audiocodes, Plantronics Cisco
 
SIP info
SIP infoSIP info
SIP info
 

More from Fatih Ozavci

Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceFatih Ozavci
 
Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiFatih Ozavci
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
Mahremiyetinizi Koruyun
Mahremiyetinizi KoruyunMahremiyetinizi Koruyun
Mahremiyetinizi KoruyunFatih Ozavci
 
NGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik DenetimiNGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik DenetimiFatih Ozavci
 
Metasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit GelistirmeMetasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit GelistirmeFatih Ozavci
 
MBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsMBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsFatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
Metasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim RehberiMetasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim RehberiFatih Ozavci
 
Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar Fatih Ozavci
 
Mahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur YazilimlarMahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur YazilimlarFatih Ozavci
 
Ozgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri YontemleriOzgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri YontemleriFatih Ozavci
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiFatih Ozavci
 
Metasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik DenetimiMetasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik DenetimiFatih Ozavci
 

More from Fatih Ozavci (14)

Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
 
Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik Denetimi
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 
Mahremiyetinizi Koruyun
Mahremiyetinizi KoruyunMahremiyetinizi Koruyun
Mahremiyetinizi Koruyun
 
NGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik DenetimiNGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik Denetimi
 
Metasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit GelistirmeMetasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit Gelistirme
 
MBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsMBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile Applications
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
Metasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim RehberiMetasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
 
Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar
 
Mahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur YazilimlarMahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur Yazilimlar
 
Ozgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri YontemleriOzgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri Yontemleri
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
 
Metasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik DenetimiMetasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik Denetimi
 

Recently uploaded

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Recently uploaded (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

VoIP Wars: The Phreakers Awaken

  • 1. VOIP WARS: THE PHREAKERS AWAKEN Fatih Ozavci – @fozavci Managing Consultant – Context Information Security
  • 2. 2 Fatih Ozavci, Managing Consultant VoIP & phreaking Mobile applications and devices Network infrastructure CPE, hardware and IoT hacking Author of Viproy and VoIP Wars Public speaker and trainer  Blackhat, Defcon, HITB, AusCert, Troopers
  • 3. 3 Fundamentals Design Vulnerabilities Practical UC Attacks UC and IMS fundamentals Security issues and vulnerabilities Practical attacks Securing communication services
  • 8. 8 1- REGISTER 1- 200 OK 2- INVITE SDP/XML 2- 100 Trying 3- INVITE SDP/XML 3- 200 OK SDP/XML 4- ACK RTP RTP 4- 200 OK SDP/XML SIP Server Phone A Phone BRTP Proxy RTP Proxy RTP SIP Headers • Caller ID • Billing SIP Content • SDP • Enc. Keys RTP Content • Audio/Video • File sharing • RDP
  • 9. 9
  • 10. 10
  • 12. 12 SIP & Media Server Database Server Tenant Services Management Applications Client Applications PBX Shared Services 1 2 ABC 3 DEF 4 5 JKL 6 MNOGHI 7 8 TUV 9 WXYZPQRS * 0 OPER # ? + - CISCO IP PHONE 7970 SERIES
  • 13. 13 Edge Server sky.com Edge Server kenobi.com DNS Server DNS / SRV DNS / SRV SIP / RTP Kenobi Corp Phone X x@kenobi.com VoIP Server Windows Server Office Server Active Directory Virtual Machines Phone A a@sky.com Skywalker Corp Phone B b@sky.com Phone C c@sky.com
  • 14. 14 Call Session Control Function (P-CSCF, S-CSCF, I-CSCF) VoLTE/LTE Infrastructure Mobile Subscribers UC/VoIP Subscribers Session Border Controller (SBC) Session Border Controller (SBC) ACCESS NETWORK ACCESS NETWORKCORE NETWORK Application Server (AS) Home Subscriber Server (HSS) Media Resource Function MRFC / MRFP
  • 15. 15 Inter-vendor security issues INSUFFICIENT client management Missing client monitoring Missing software updates NO SIP/SDP or message filtering Centralised attack deployment Internal trust relationships Meeting and conferencing options Flexible collaboration options
  • 16. 16 Content transferred to clients SIP/SDP content (e.g. format, codecs) Rich messaging (e.g. rtf, html, audio) Unified messaging Injecting files, XSS, phishing, RCE File transfers, embedded content Communication subsystem Call or SIP headers Rarely secured protocols (e.g. MSRP)
  • 17. 17 Engage through a first contact point UC messaging, conference invitation, courtesy phones Combine old and new techniques Use UC for malicious activities (e.g. MS-RTASPF)
  • 18. 18 Red Teaming Exercises Courtesy phones, conference rooms, media gateways Human Factor Testing Vishing, smishing, instant messaging, UC exploits Infrastructure Analysis Toll fraud, caller ID spoofing, TDoS/DDoS Application Security Assessments Management portals, self-care portals WebRTC, VoIP/UC apps, IVR software
  • 19. 19 Service requirements Cloud, subscriber services, IMS Billing, recordings, CDR, encryption Trusted servers and gateways SIP proxies, federations, SBCs SIP headers used (e.g. ID, billing) Tele/Video conference settings Analyse the encryption design SIP/(M)TLS, SRTP (SDES, ZRTP, MIKEY)
  • 20. 20 SIP header analysis  Caller ID spoofing, billing bypass Communication types allowed  File transfer, RDP, MSRP, teleconference Message content-types allowed  XSS, corrupted RTF, HTML5, images Conference and collaboration Fuzzing clients and servers  SIP headers, SDP content, file types  Combine with known attacks
  • 21. 21 Attacks with NO user interaction Calls with caller ID spoofing Fake IVR, social engineering Messages with caller ID spoofing Smishing (e.g. fake software update) Injected XSS, file-type exploits Bogus content-types or messages Meetings, multi-callee events Attacking infrastructure Raspberry PI with PoE, Eavesdropping
  • 22. 22 Unified Communication Solutions  Cisco Hosted Collaboration Suite  Microsoft Skype for Business (a.k.a Lync)  Free software (e.g. Kamalio, OpenIMS)  Other vendors (Avaya, Alcatel, Huawei) Attacking through  Signalling services  Messaging, voicemail and conference system  Cloud management and billing  Authorisation scheme  Client services (self-care, IP phone services)
  • 23. 23 Vulnerable CPE Credential extraction Attacking through embedded devices Insecurely located distributors Hardware hacking, eavesdropping SIP header and manipulation for Toll Fraud Attacking legacy systems (e.g. Nortel?) Voicemail hijacking
  • 24. 24 Analysing encryption design Implementation (e.g. SRTP, SIP/TLS) Inter-vendor SRTP key exchange Privacy and PCI compliance Network segregation IVR recordings (e.g. RTP events) Eavesdropping Call recordings security
  • 25. 25 Inter-vendor services design Network and service segregation *CSCF locations, SBC services used VoLTE design, application services SIP headers are very sensitive Internal trust relationships Filtered/Ignored SIP headers Caller ID spoofing, Billing bypass Encryption design (SIP, SRTP, MSRP)
  • 26. 26 Viproy VoIP Penetration Testing Kit (v4) VoIP modules for Metasploit Framework SIP, Skinny and MSRP services SIP authentication, fuzzing, business logic tests Cisco CUCDM exploits, trust analyser... Viproxy MITM Security Analyser (v3) A standalone Metasploit Framework module Supports TCP/TLS interception with custom TLS certs Provides a command console to analyse custom protocols
  • 27. 27 Cloud communications SIP header tests, caller ID spoofing, Billing bypass, hijacking IP phones Signalling services Attacking tools for SIP and Skinny Advanced SIP attacks  Proxy bounce, SIP trust hacking  Custom headers, custom message-types UC tests w/ Viproxy + Real Client
  • 28. 28 SIGNALLING / MESSAGING • SDP / XML • SIP Headers • XMPP • MSRP CONTENT • Message types (HTML, RTF, Docs) • File types (Docs, Codecs) • Caller ID Spoofing • DoS / TDoS / Robocalls, Smishing FORWARDED REQUESTS • Call Settings • Message Content NO USER INTERACTION • Call request parsing • Message content parsing • 3rd party libraries reachable
  • 29. 29
  • 30.
  • 31. 31 Unified Messaging Message types (e.g. rtf, html, images) Message content (e.g. JavaScript) File transfers and sharing features Code or script execution (e.g. SFB) Encoding (e.g. Base64, Charset) Various protocols MSRP, XMPP, SIP/MESSAGE Combining other attacks
  • 32. 32 MANIPULATE SIP CONTENT INJECT MALICIOUS SUBJECTS SEND PHISHING MESSAGES Skype for Business Attacker’s Client Viproxy Interactive Console HACME 1 HACME 2 HACME 3 Attacker’s Client TLS / Proxy Certificate Compression Console Enabling Features Content Injection Security Bypass
  • 33.
  • 34. 34 UC content forwarded to UC clients (NO interaction) SIP INVITE headers Message content SIP/SDP content Office 365 Federations *MS15-123 Skype for Business Attacker’s Client Viproxy Skype for Business Server Changed Request Forwarded Request Call Request
  • 35. 35 URL filter bypass via JavaScript <script>var u1="ht"; u2="tp"; u3="://";o="w"; k="."; i=""; u4=i.concat(o,o,o,k); window.location=u1+u2+u3+u4+"viproy.com"</script> Script execution via SIP messages <script>window.location="viproy.com"</script> Script execution via SIP headers Ms-IM-Format: text/html; charset=UTF-8; ms- body=PHNjcmlwdD53aW5kb3cubG9jYXRpb249Imh0dHA6Ly93d3cudmlwc m95LmNvbSI8L3NjcmlwdD4=
  • 36. 36 Attacking through a PBX or proxy Sending a meeting request Using a CUSTOM SIP header Waiting for the shells Viproy Skype for Business Server SIP PBX Server Forwarded Meeting Request Meeting Request (Attack in SIP headers) PRIVATE NETWORK Forwarded Requests
  • 37.
  • 38. 38 Secure design Enforce security via SBCs Messaging, SIP headers, meetings… Enforce authentication Secure inter-vendor configuration Protect the legacy systems Protect the clients
  • 39. 39 Securing Unified Communications (UC) is NOT just securing VoIP. Brace yourselves, VoIP/UC are attacks are coming. #TaylorYourCommunicationSecurity !
  • 40. 40 Viproy VoIP Penetration Testing Kit http://www.viproy.com Context Information Security http://www.contextis.com