tag:blogger.com,1999:blog-50728181869064023492024-03-22T01:42:59.007+03:00Pen-Tester Strikes BackPen-Testing Guide for Metasploit, SIP, NGN, Mobile and IPTVFatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comBlogger32125tag:blogger.com,1999:blog-5072818186906402349.post-50900389534782805392017-01-30T06:47:00.000+03:002017-01-30T06:57:43.562+03:00Troopers'17 - VoIP Wars: The Live TrainingTroopers security conference in Heidelberg, Germany is one of my favourites. I have provided a VoIP training during Troopers'15, I also enjoyed some talks and social activities during the event. This year, Troopers will celebrate the 10 year anniversary, and my training will also take a place in during Troopers'17, thanks to Enno Rey and Niki Vonderwell.<br />
<div>
<b><br /></b></div>
<div>
<b>VoIP Wars: The Live Training</b> will be a hands-on phreaking experience for the participants. The training will have less talk, but more hands-on exercises using the especially designed <b>Viproyable</b> virtual machine. The participants will use Viproy and some open source tools to discover the vulnerabilities of Viproyable, solve the CTF challenges and demonstrate their knowledge during the training. This will be first announcement of Viproyable VM, but the project (after some fixes) may be a public project after Troopers as well. </div>
<div>
<br /></div>
<div>
The training will take a place on March 20, 2017 (at 9:00 am), the <a href="https://www.troopers.de/events/troopers17/736_voip_wars_the_live_training/" target="_blank">Troopers</a> web page can be used to <a href="https://www.troopers.de/registration/profile/" target="_blank">register</a>. The summary information and detailed topics are also below in case of you need more information about what will be on this training.</div>
<div>
<b><br /></b></div>
<h3>
<b>Hands-on Exercises of Viproyable:</b></h3>
<div>
<ul>
<li>VoIP service discovery</li>
<li>Enumeration using various responses</li>
<li>Gathering unauthorised access to the extensions</li>
<li>Hijacking voicemails</li>
<li>Performing call spoofing attacks</li>
<li>Discovering SIP trust relationships</li>
<li>Harvesting information via IP phone configuration files</li>
<li>Gaining unauthorised access to Asterisk Management</li>
<li>Remote code execution through SIP services</li>
<li>Remote code execution through FreePBX modules</li>
<li>Decoding RTP sessions and Decrypting SRTP sessions for eavesdropping</li>
<li>Exploiting Cisco CUCDM services</li>
</ul>
<div>
<br /></div>
</div>
<h3>
<b>Training Abstract:</b></h3>
<div>
<br /></div>
<div>
<div>
VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to experience these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Modern attack vectors and broad threats against the VoIP ecosystem will be discussed and analysed for major vendor and protocol vulnerabilities with references to their targets. The major products to be targeting in the workshop are Cisco CUCM, Microsoft Lync/Skype and Asterisk. </div>
<div>
<br /></div>
<div>
In this hands-on workshop, the participants will learn about Unified Communications security fundamentals and testing with practical attacks to improve their skills. Attack scenarios will be discussed for various types of UC implementations to cover business services such as call centres, service operator networks and cloud services. In addition, they will be provided with the workshop and exercises notes as well as a USB stick that includes virtual machines and software to be used during workshop. The workshop exercises will be conducted using the open source tools and Viproy VoIP penetration testing kit developed by the trainer.<br />
<br /></div>
</div>
<div>
</div>
<h3>
<b>Training Details:</b></h3>
<div>
<b><br /></b></div>
<div>
<div>
<u>IP Telephony Server Security </u></div>
<div>
IP telephony servers are responsible to provide UC services such as SIP, Skinny, RTP and XMPP for clients and connected third-party systems. Also they may have various essential services such as DHCP, DNS, TFTP, FTP, HTTP, management services and IP phone services. The services running on the IP telephony servers are susceptible to mainstream vulnerabilities, vulnerabilities detected on open source libraries and insecure configuration. Those vulnerabilities can be exploited to permanently compromise the UC infrastructure through IP telephony servers. The participants will discover well-known vulnerabilities, published vulnerabilities of the VoIP servers and insecure configuration to exploit IP telephony servers in the lab. They will be supplied with customised exploits, code samples and scenario plot to complete the exploitation tasks.</div>
<div>
<ul>
<li>Design analysis of the sample networks</li>
<li>Network and service discovery</li>
<li>Missing patches and code execution </li>
<li>Management services analysis</li>
</ul>
<div>
<br /></div>
</div>
<div>
<u>UC Services Security Analysis</u></div>
<div>
Signalling services like SIP and Skinny are used to initiate, operate and manage VoIP calls. This section is prepared to explain and demonstrate weaknesses of the selected signalling services. Information disclosure, authentication issues and authorisation bypass issues are the major vulnerabilities on the signalling services. The participants will experience exploiting protocol and service level vulnerabilities to gain unauthorised access to the UC environment and services. </div>
<div>
UC services are also vulnerable to some specific attacks such as caller identity spoofing, SIP trust relationships hacking, SIP proxy bounce attack or DDoS attacks. These attacks can be used to bypass security restrictions of the SIP networks using protocol vulnerabilities or service configuration. Dial plans used, SIP trunks, clients connected and network infrastructures are the major targets for advanced attacks. The live exercises will cover sample scenarios for the advanced attacks to gain unauthorised access to the UC services such as voicemail services, SIP trunks and Instant Messaging (IM) services.</div>
<div>
<ul>
<li>SIP discovery, enumeration and password attacks </li>
<li>Advanced attacks targeting SIP networks</li>
<li>Skinny signalling protocol attacks </li>
</ul>
<div>
<br /></div>
</div>
<div>
<u>Media Transport Security</u></div>
<div>
UC infrastructures uses media transport protocols such as (S)RTP for the voice calls, file, desktop and presentation sharing. The media transmitted may have confidential or sensitive information which can be an object of PCI, COBIT or compliance requirements (e.g. credit card information on the calls to IVR services or costumer privacy). Due to the insecure encryption implementation and design issues, the sensitive information in the media transmitted can be exposed. The media transport security requirements and implementation issues will be explained with live exercises in this section.</div>
<div>
<ul>
<li>Analysing media transport for voice calls</li>
<li>Capturing and decoding voice calls</li>
<li>Decrypting SRTP encrypted calls</li>
</ul>
<div>
<br /></div>
</div>
<div>
<u>Security Analysis of Major Unified Communications Suites</u></div>
<div>
Major UC product suites such as Cisco CUCM/CUCDM or Microsoft Skype for Business are commonly used for the enterprise services. These suites provide an isolated ecosystem with customised clients (e.g. Cisco Jabber, Cisco Unified Communicator, Cisco IP phones, Microsoft Lync, Microsoft Skype for Business, Polycom IP phones) and service components. UC analysis for a product suite should be customised to identify suite specific vulnerabilities. This section is designed to highlight the vulnerabilities identified on the major product suites and the exploitation vectors. Hosted VoIP environment, enterprise communication and mobile services will be on the target for the live exercises which will be conducted by the participants.</div>
<div>
<ul>
<li>Security analysis of UC environments</li>
<li>Attacking XML based IP phones services</li>
<li>Attacking support services for IP phones </li>
<li>MITM testing of UC via Viproxy</li>
</ul>
</div>
</div>
<div>
<br /></div>
<div>
<br />
<div>
<br /></div>
</div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.com14tag:blogger.com,1999:blog-5072818186906402349.post-1194027938241913542016-03-22T08:15:00.002+02:002016-03-22T08:15:50.610+02:00Hardware Hacking Chronicles: IoT Hacking for Offence and Defence<div style="text-align: justify;">
Enterprise companies are using consumer and IoT devices to complete (or expand) their services such as broadband, IPTV, media streaming, satellite, voice and 3G/4G services. Although the devices are owned by the service providers, subscribers have limited (or full) access to them with service agreements. In addition to that, some of consumer devices also have roles on corporate communications, environment security or employee services. Consumer devices are located at subscriber premises; therefore, the traditional security testing approach only covers backend services security, not the devices.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Consumer and IoT devices are susceptible to hardware hacking based attacks such as firmware dumping, re-flashing with a custom firmware, and getting low level access using the physical management interfaces such as SPI, JTAG and UART. Low level access obtained can be used to modify device behaviours or their initial states. This helps attackers to debug consumer devices and operator services, to find new vulnerabilities, and to obtain the device configuration which may contain credentials for the service infrastructure. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Embedded device and hardware hacking is a rising skill set for penetration testers. It is required to understand targeted attacks which may include hardware implants, modified hardware attacking their own infrastructure or compromised devices that target the human factor. Some of advanced testing examples to be discussed are preparing a custom hardware for persistent access during a red teaming exercise, preparing a compromised consumer device for human factor pen-testing, attacking TR-069 services of a provider using smart home modems or altering the security controls of a device to abuse the service. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The presentation focuses on how the existing security testing techniques should be evolved with hardware and IoT hacking, and how service providers can make their infrastructure secure for cutting-edge attacks. Essential hardware hacking information, identifying and using physical management interfaces, hardware hacking toolset, well-known hardware attacks and hardware testing procedure will be presented in a road map for consumer devices security testing. Also a security testing approach will be explained to develop new security testing services and to improve existing ones such as red teaming, human factor pen-testing and infrastructure pen-testing.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
AusCERT 2016 - Thursday, 26th May 2016 - 11:40</div>
<div style="text-align: justify;">
<a href="https://conference.auscert.org.au/fatih-ozavci">https://conference.auscert.org.au/fatih-ozavci</a></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-68001608723695792882016-03-22T08:14:00.000+02:002016-03-22T08:14:17.363+02:00Offensive Security Testing of Mobile Applications<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Mobile applications and services are playing a key role in enterprise communications as well as financial and subscriber services. Larger organisations supervise mobile devices of employees for corporate communication and office collaboration. Financial companies offer mobile services to improve customer satisfaction and to shape their new habits. Service providers also supply mobile devices with some applications to offer their subscriber services such as entertainment or communication. However, due to insufficient security enforced on mobile applications, they are also under attack by malware, state-sponsored actors or just causal attackers who are after unauthorised financial benefits or cyber intelligence. Android, Windows and iOS mobile platforms offer security features to improve mobile security, they require full integration of mobile applications though.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br /></div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This tutorial will be focused on the mobile applications security testing with practical exercises to highlight mobile security vulnerabilities of applications and design. Device security testing requirements including supervised devices, stolen device cases and MDM requirements will be discussed with demonstrations. New security testing techniques for Android, Windows and iOS applications will also be parts of the exercises such as assessing secure storage requirements, analysing multi-platform security integration, reverse engineering of mobile applications, testing cloud services and debugging supervised devices. The exercises are based on sample vulnerable applications as well as real life mobile applications available on the application stores. Improving mobile security testing skills may help software developers, consultants, administrators and architects to improve existing services as well as penetration testers to improve existing security testing services such as mobile applications and MDM security testing.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br /></div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Tutorial registration (AusCERT Conference 2016)</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<a href="https://conference.auscert.org.au/registration">https://conference.auscert.org.au/registration</a> </div>
<div style="text-align: justify;">
<br /></div>
<h3 style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
TUTORIAL HEADLINES </h3>
<h3 style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
SECURITY TESTING REQUIREMENTS FOR MOBILITY </h3>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Mobile applications and devices need a well-designed test platform for security assessments. Various test devices including tablets, mobile phones, virtual machines, embedded devices and watches are required to run target mobile applications. Jailbreaking and customisation of devices is another task to create a flexible test platform. In addition, essential test tools, official SDKs and vulnerable applications should be parts the test lab. In this section, participants will learn fundamentals of mobile security and how can they build a test lab.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br /></div>
<h3 style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
DEVICE INTEGRATION SECURITY</h3>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Supervised devices, financial applications and subscriber services may need a secure platform integration to manage users’ actions. Secure storage, secure compile, encryption used and platform security objects such as sandboxing, internal services used (e.g. intent, broadcast, content provider, keychain/keystore), fingerprint modules, two-factor authentication and device policies are essential testing targets. Moreover, application specific services, information disclosure issues and functions used should be analysed in security perspective. During exercises, sample applications will be tested for common mobile security vulnerabilities, lack of platform integration, application specific security issues and insecure design.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br /></div>
<h3 style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
REVERSE ENGINEERING</h3>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Reverse engineering for mobile applications is required to identify fundamental security issues such as information disclosure through source code, security bypass using runtime manipulation, insecure security and access management. In addition, it can be used for attacking target applications as malware, bypassing sandboxed information and bypassing security policies such as jailbreak detection and device enforcements. Reverse engineering section will teach fundamentals for mobile security such ARM shellcoding, explaining VMs (e.g. Xamarin/Mono, Dalvik and ART), disassembling mobile applications and debugging using GDB, LLDB and ADB. The exercises in this section will include unpacking and dissembling applications, Drozer exercises, runtime manipulation exercises using Cyript and GDB.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<br /></div>
<h3 style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
TRANSPORT SECURITY</h3>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Mobile applications need backend services on cloud or corporate networks to complete their features. However, most of mobile applications have security issues to implement transport security for backend services. Encryption issues such as lack of TLS enforcements, insecure crypto options and missing TLS pinning features are well-known security vulnerabilities for mobile implementations. Exercises in this section are based on using various proxies to intercept mobile traffic, attacking TLS implementations and bypassing TLS pinning.</div>
<h3 style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
BYOD and MDM SECURITY</div>
</h3>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; box-sizing: border-box; font-stretch: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Device security testing requirements including supervised devices, stolen device cases and MDM requirements will be discussed in this section. Various security problems of MDM solutions, well-known design issues, lack of cloud security and bypassing enforcements will be demonstrated.</div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-27905378625800500282015-11-26T06:33:00.001+02:002015-11-26T06:33:05.027+02:00VoIP Wars: Destroying Jar Jar Lync Materials<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 32px; margin-bottom: 32px; text-align: justify;">
VoIP Wars: Destroying Jar Jar Lync has been presented at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. The presentation contains newly published security vulnerabilities for the Microsoft Skype for Business platform, a test methodology and a customised testing tool named Viproxy. The unfiltered edition of the presentation, Viproxy 2.0, exploits, security advisory and demonstration video are available below.</div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
VoIP Wars: Destroying Jar Jar Lync (HITB Singapore presentation video)<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="400" src="https://www.youtube.com/embed/DXuAu_m1dsU" width="650"></iframe>
<br />
<br />
VoIP Wars: Destroying Jar Jar Lync (Presentation) </div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px;">
<iframe data-mce-src="//www.slideshare.net/slideshow/embed_code/key/k4htuABAIxhUKy" frameborder="0" height="430" src="https://www.slideshare.net/slideshow/embed_code/key/k4htuABAIxhUKy" style="display: block; margin-left: auto; margin-right: auto; text-align: justify;" width="595"></iframe></div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
<br />
SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution security advisory (including P0C exploits)</div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
<a data-mce-href="http://www.senseofsecurity.com.au/advisories/SOS-15-005.pdf" href="http://www.senseofsecurity.com.au/advisories/SOS-15-005.pdf" style="color: #8c68cb; text-decoration: none;" target="_blank">http://www.senseofsecurity.com.au/advisories/SOS-15-005.pdf</a><br />
<br /></div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution demonstration</div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px;">
<iframe data-mce-src="//www.youtube.com/embed/hwDD7K9oXeI?wmode=transparent" frameborder="0" height="400" src="https://www.youtube.com/embed/hwDD7K9oXeI?wmode=transparent" style="display: block; margin-left: auto; margin-right: auto; text-align: justify;" width="650"></iframe></div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
<br />
Viproxy 2.0</div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
<a data-mce-href="http://viproy.com/files/viproxy-2.0.zip" href="http://viproy.com/files/viproxy-2.0.zip" style="color: #8c68cb; text-decoration: none;" target="_blank">http://viproy.com/files/viproxy-2.0.zip</a><br />
<br /></div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
Detailed information about Viproy VoIP Pen-Test Kit and VoIP Wars research series.</div>
<div style="color: rgba(0, 0, 0, 0.701961); font-family: Georgia, serif; line-height: 16px; margin-bottom: 16px; text-align: justify;">
<a data-mce-href="http://www.viproy.com" href="http://www.viproy.com/" style="color: #8c68cb; text-decoration: none;" target="_blank">http://www.viproy.com</a> </div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-23284557013013903502015-10-26T01:29:00.001+03:002015-10-26T01:29:58.103+03:00VoIP Wars – Destroying Jar Jar Lync (Filtered version)<iframe allowfullscreen="" frameborder="0" height="420" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/5aWmwaApEYWc6g" style="border-width: 1px; border: 1px solid #CCC; margin-bottom: 5px; max-width: 100%;" width="800"> </iframe><br />
<div style="margin-bottom: 5px;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #242424; font-family: Ubuntu, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 1.58; margin-bottom: 12px; margin-top: 6px; text-align: justify;">
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.</div>
<div style="background-color: white; box-sizing: border-box; color: #242424; font-family: Ubuntu, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 1.58; margin-bottom: 12px; margin-top: 6px; text-align: justify;">
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.</div>
<div style="background-color: white; box-sizing: border-box; color: #242424; font-family: Ubuntu, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 1.58; margin-bottom: 12px; margin-top: 6px; text-align: justify;">
<strong style="box-sizing: border-box;">Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.</strong></div>
<div style="background-color: white; box-sizing: border-box; color: #242424; font-family: Ubuntu, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 1.58; margin-bottom: 12px; margin-top: 6px; text-align: justify;">
• A brief introduction to Microsoft Lync ecosystem<br />
• Security requirements, design vulnerabilities and priorities<br />
• Modern threats against commercial Microsoft Lync services<br />
• Demonstration of new attack vectors against target test platform</div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-91050997912199128762015-08-18T04:49:00.000+03:002015-08-18T04:53:12.025+03:00Viproy VoIP penetration testing kit 2.99.1 is released.Viproy VoIP penetration testing kit 2.99.1 is released. This version requires ruby 2.1.5/2.1.6 and current Github version of the Metasploit Framework.<br />
<br />
Download: <a href="https://github.com/fozavci/viproy-voipkit">https://github.com/fozavci/viproy-voipkit</a><br />
<br />
Pre-installed version: <a href="https://github.com/fozavci/metasploit-framework-with-viproy">https://github.com/fozavci/metasploit-framework-with-viproy</a><br />
<div>
<br /></div>
New features:<br />
<br />
<ul>
<li>SIP message and MSRP supports with SIP INVITE</li>
<li>MSRP message tester, MSRP and SDP PoC fuzzers</li>
<li>PoC client exploits for Boghe VoIP client </li>
<li>and bug fixes for the current version of the Metasploit Framework.</li>
</ul>
<br />
New modules and libraries released:<br />
<br />
<ul>
<li>MSRP library for MSRP messaging</li>
<li>Boghe VoIP Client INVITE PoC Exploit </li>
<li>Boghe VoIP Client MSRP PoC Exploit </li>
<li>SIP Message with INVITE Support </li>
<li>Sample SIP SDP Fuzzer </li>
<li>MSRP Message Tester with SIP INVITE Support </li>
<li>Sample MSRP Message Fuzzer with SIP INVITE Support </li>
<li>Sample MSRP Message Header Fuzzer with SIP INVITE Support </li>
</ul>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-34860132174818078992015-08-13T07:05:00.000+03:002015-08-13T07:05:03.827+03:00The Art of VoIP Hacking - DEF CON 23 Workshop Materials<span style="text-align: justify;">The Art of VoIP Hacking workshop has beed provided during the DEF CON 23 USA last week. We have discussed about the VoIP vulnerabilities, design issues and current treats targeting the VoIP environments. In addition, we have also demonstrated the major attack vectors for the VoIP services including the advanced SIP attacks, exploitation of the VoIP server vulnerabilities, Cisco Skinny attacks, attacking Cisco hosted VoIP services (CUCM/CUCDM), decryption of the SRTP traffic and exploitation of the VoIP client vulnerabilities. Over than 35 attendees have used the Viproy VoIP Penetration Testing Kit to attack to the test environment which has samples for each attack exercises. The following materials are provided for the DEF CON 23 workshop, but also for the VoIP community to improve unified communications security. </span><br />
<div>
<div style="text-align: justify;">
</div>
</div>
<div>
<br />
<a name='more'></a></div>
<div>
<h2>
The Art of VoIP Hacking - Presentation </h2>
</div>
<div>
<iframe allowfullscreen="" frameborder="0" height="355" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/yAaMT5eTY0Nchy" style="border: 1px solid rgb(204, 204, 204); margin-bottom: 5px; max-width: 100%;" width="425"></iframe></div>
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/fozavci/the-art-of-voip-hacking-defcon-23-workshop" target="_blank" title="The Art of VoIP Hacking - Defcon 23 Workshop">The Art of VoIP Hacking - Defcon 23 Workshop</a> </strong> from <strong><a href="https://www.slideshare.net/fozavci" target="_blank">Fatih Ozavci</a></strong> </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<h2>
The Viproy VoIP Penetration Testing Kit (Customised Metasploit Framework repository)</h2>
</div>
<div>
<a href="https://github.com/fozavci/metasploit-framework-with-viproy/blob/master/VIPROY.md%20%20%EF%BB%BF" target="_blank">https://github.com/fozavci/metasploit-framework-with-viproy/blob/master/VIPROY.md </a></div>
<div>
<br /></div>
<h2>
Youtube videos of the attack demonstrations:</h2>
<div>
<div>
VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)</div>
</div>
<div class="separator" style="clear: both; text-align: left;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/6lUFMXfBw94/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/6lUFMXfBw94?feature=player_embedded" width="320"></iframe></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Boghe VoIP client - SIP Invite based PoC exploit (0 Day)</div>
<div class="separator" style="clear: both; text-align: left;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/KiNhtAoWpcM/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/KiNhtAoWpcM?feature=player_embedded" width="320"></iframe></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Vi-Vo VoIP client - SIP Message based PoC exploit (0 Day)</div>
<div class="separator" style="clear: both; text-align: left;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/cGrQmy9hehE/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/cGrQmy9hehE?feature=player_embedded" width="320"></iframe></div>
<div>
<br /></div>
<div>
Shellshock exploit demonstration for Cisco CUCM 10.5.1</div>
<div class="separator" style="clear: both; text-align: left;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/vFpEIM_9wb8/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/vFpEIM_9wb8?feature=player_embedded" width="320"></iframe></div>
<div>
<br /></div>
<div>
SDES based SRTP traffic decryption demo</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: left;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/3KYstgyF1X4/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/3KYstgyF1X4?feature=player_embedded" width="320"></iframe></div>
<br />
<div>
<br /></div>
<div>
<br /></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-56186205489685771012015-07-21T02:37:00.002+03:002015-07-21T02:38:39.505+03:00Defcon 23 Workshop: The Art of VoIP Hacking <div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;">VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.</span></div>
<div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;">In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.</span></div>
<div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;"><b>Details and registration</b></span></div>
<div class="abstract" style="border: 0px; font-stretch: inherit; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white; font-size: 14.3999996185303px; line-height: 20.1599998474121px;"><span style="font-family: Gotham, Helvetica Neue, Helvetica, Arial, sans-serif;"><a href="https://www.defcon.org/html/defcon-23/dc-23-workshops-schedule.html#Ozavci" target="_blank">https://www.defcon.org/html/defcon-23/dc-23-workshops-schedule.html#Ozavci </a></span></span></div>
<div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<strong style="background-color: white; border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Who should attend</strong></div>
<div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;">Penetration testers, VoIP engineers, security engineers, internal auditors and all hackers who have a wireless card and a VM player.</span></div>
<div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<strong style="background-color: white; border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Workshop Requirements</strong></div>
<div class="abstract" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.3999996185303px; font-stretch: inherit; line-height: 20.1599998474121px; margin: 20px 15px 20px 10px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;">Participants should have an up to date Kali Linux virtual machine with Metasploit Framework. (The disk image will be provided by the tutors)</span></div>
<div class="speakerBio" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0.9em; font-stretch: inherit; font-style: italic; line-height: 20.1599998474121px; margin-bottom: 20px; margin-left: 10px; margin-right: 15px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;"><strong style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Christos Archimandritis</strong> has nearly 5 years’ of experience in information security consulting, having performed various security assessments for clients in the banking, telecom and government sector. Prior to joining Sense of Security, he was a senior security consultant with a major consulting company in Europe. While working there, he performed network and web application penetration tests, mobile application penetration tests and wireless assessments for various clients in Europe and the Middle East. Before that, he worked in the European branch of a major company in the automotive sector, developing solutions for the company’s SAP and Business Objects environments as well as administering the company’s data warehouse.</span></div>
<div class="speakerBio" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0.9em; font-stretch: inherit; font-style: italic; line-height: 20.1599998474121px; margin-bottom: 20px; margin-left: 10px; margin-right: 15px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;">Linkedin : <a href="http://gr.linkedin.com/pub/chris-archimandritis/52/580/478" style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">http://gr.linkedin.com/pub/chris-archimandritis/52/580/478</a></span></div>
<div class="speakerBio" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0.9em; font-stretch: inherit; font-style: italic; line-height: 20.1599998474121px; margin-bottom: 20px; margin-left: 10px; margin-right: 15px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;"><strong style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Fatih Ozavci</strong> is a Security Researcher, Principal Security Consultant with Sense of Security, and the author of the Viproy VoIP Penetration Testing Kit. Fatih has discovered several previously unknown security vulnerabilities and design flaws in IMS, Unified Communications, Embedded Devices, MDM, Mobility and SAP integrated environments for his customers. He has completed several unique penetration testing services during his career of more than 15 years. His current research is based on securing IMS/UC services, IPTV systems, attacking mobile VoIP clients, VoIP service level vulnerabilities, SaaS, mobility security testing, hardware hacking and MDM analysis. Fatih has presented his VoIP and mobile research at BlackHat USA’14, DefCon 22 and 21, Troopers’15, Cluecon 2013 and Ruxcon 2013. He has also provided VoIP and Mobility Security Testing workshop at AustCert’14, Kiwicon'15 and Troopers'15 events.</span></div>
<div class="speakerBio" style="border: 0px; font-family: Gotham, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 0.9em; font-stretch: inherit; font-style: italic; line-height: 20.1599998474121px; margin-bottom: 20px; margin-left: 10px; margin-right: 15px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white;">Homepage : <a href="http://viproy.com/fozavci" style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">http://viproy.com/fozavci</a><br />Linkedin : <a href="http://tr.linkedin.com/pub/fatih-ozavci/54/a71/a94" style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">http://tr.linkedin.com/pub/fatih-ozavci/54/a71/a94</a></span></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-81139051839073675342015-02-10T04:20:00.000+02:002015-02-10T04:20:46.420+02:00Training: Tactical VoIP Hacking with Viproy | Troopers 15<div style="text-align: justify;">
SIP and Skinny servers provide signalling services and they are the centre of Unified Communication networks and VoIP services. Signalling protocols are susceptible to IP spoofing, proxy trust issues, call spoofing, authentication bypass and bogus signalling flows. It can be hacked with legacy techniques, but a few new attack types will be demonstrated in this training. This training includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy to analyse SIP services using novel techniques.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the trainer). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a Metasploit Framework environment and full integration. The training contains live demonstration of practical VoIP attacks and usage of new Viproy modules.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Registration : <a href="https://www.troopers.de/events/troopers15/464_tactical_voip_hacking_with_viproy" target="_blank">Troopers 15</a> </div>
<br />
<h2>
Training Agenda</h2>
<div class="p1">
</div>
<ol>
<li>Network Infrastructure </li>
<li>VoIP Server Security</li>
<li>Signalling Security</li>
<ol>
<li>Signalling Essentials</li>
<li>Testing of SIP and Skinny Services</li>
</ol>
<li>Media Transport Security</li>
<ol>
<li>Media Transport Essentials</li>
<li>Testing of RTP, SRTP and Proxy Services</li>
</ol>
<li>Cloud VoIP Solutions Security</li>
<li>VoIP Client Security</li>
<li>Capture the Flag</li>
</ol>
<br />
<div class="p3">
</div>
<div>
<div class="p3">
</div>
</div>
<div>
<div class="p1">
<br /></div>
<div class="p1">
<br /></div>
</div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-57622735323533347202014-11-04T10:39:00.000+02:002014-11-04T10:39:01.238+02:00Progress of the Viproy pull requests for the Metasploit FrameworkI saw a few challenges to submit Viproy modules to the Metasploit Framework;<br />
<br />
Firstly, I'm not a developer, but a pen-tester and a researcher. this means, I prepared this code during an engagement or in a testing environment. 400+ features/skills are implemented in the SIP/Skinny libraries and modules, some skills/features require special systems which I have no access now. Because of this, I cannot provide a lab environment to test all the features/options, maybe during the Kiwicon 2015 training. That's why the source code is pretty dirty, but works in many cases, especially in VoIP pen-test engagement.<br />
<br />
Moreover, I'm the only one who improves these modules during actual VoIP penetration tests, limited feedback and no code support. This prevents me to detect/fix errors of the software, only the Metasploit Framework team submitted code modifications on them. Thanks for all the commits and suggestions.<br />
<br />
Finally, I have some timing issues before January 2015. "rspec" modifications and full review of the features are really hard tasks, and require a working test lab with all components. I'm not sure I can provide this time to major changes, but I will try.<br />
<br />
I believe that Viproy should have a community support, that's why it is developed with the Metasploit Framework, not as a standalone software. These commits and comments show that it still has too much errors to fix and too much features to demonstrate. Also they show that community support is very useful, the Viproy's source code is improved by a team, not the author anymore. Basically this process does work.<br />
<br />
Thanks for all support.<br />
<br />
Now, we have two ways to decide;<br />
<br />
<ul>
<li>It may be slow, but I can support/update these pull requests with you to make Viproy a part of the Metasploit Framework, as soon as I can.</li>
<li>or, preparing a good plan and waiting for 2015 Q1 for the major Viproy source improvements for the full Metasploit Framework integration.</li>
</ul>
Please think about it as a team, and suggest a way to do that. Remember, the code is licensed as the Metasploit License, you're free to fix/improve all features. I'm comfortable for the both options, the problem is only my schedule before Jan 2015.<br />
<br />
Original post link at Github : <a href="https://github.com/rapid7/metasploit-framework/pull/4066#issuecomment-61608013">https://github.com/rapid7/metasploit-framework/pull/4066#issuecomment-61608013</a><br />
<br />
/cc @todb-r7 @jhart-r7 @jvazquez-r7 @hmoore-r7Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.com2tag:blogger.com,1999:blog-5072818186906402349.post-72984542527142479102014-10-27T05:50:00.000+02:002014-10-27T05:50:58.004+02:00Training: Practical VoIP Hacking with Viproy (Kiwicon'14)<div style="text-align: justify;">
We have prepared a VoIP hacking training for the <a href="https://kiwicon.org/" target="_blank">Kiwicon</a> security conference at New Zealand. The training focus is the testing of the VoIP signalling protocols using Viproy. We'll explain the VoIP essentials and the protocol basics for SIP and Skinny. Also it will be demonstrated that how we can attack to the VoIP servers using web management interfaces, essential services and signalling services. Viproy VoIP penetration testing kit will be in use for the basic and advanced attacks such as SIP trust hacking, SIP proxy bounce attack, Skinny service manipulation, CUCDM exploitation and attacking VoIP clients. If you're interested in about VoIP and attending to Kiwicon, come and join us in this training.</div>
<div style="text-align: justify;">
<br /></div>
<h3>
Registration:</h3>
<div>
You can sign up this training using the form at the Kiwicon homepage.</div>
<div>
<a href="https://kiwicon.org/the-con/training/practical-voip-hacking-with-viproy">https://kiwicon.org/the-con/training/practical-voip-hacking-with-viproy</a></div>
<div>
<a name='more'></a><br /></div>
<h3>
Summary:</h3>
<div>
<div class="p1" style="text-align: justify;">
SIP and Skinny servers provide signalling services and they are the centre of Unified Communication networks and VoIP services. Signalling protocols are susceptible to IP spoofing, proxy trust issues, call spoofing, authentication bypass and bogus signalling flows. It can be hacked with legacy techniques, but a few new attack types will be demonstrated in this training. This training includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy to analyse SIP services using novel techniques. </div>
<div class="p1" style="text-align: justify;">
<br /></div>
<div class="p1" style="text-align: justify;">
Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the trainer). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a Metasploit Framework environment and full integration. The training contains live demonstration of practical VoIP attacks and usage of new Viproy modules.</div>
<div class="p1" style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Outline:</h3>
<div>
<br /></div>
<h4 style="text-align: justify;">
1.<span class="Apple-tab-span" style="white-space: pre;"> </span>IP Telephony Server Security</h4>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>Operating System Security</li>
<li>Weak and Default Configuration Weaknesses</li>
<li>Management Features</li>
<li>Log and Call Record Security</li>
<li>3rd party IP phone support, address book and global information services </li>
</ul>
<br />
<div class="p1" style="text-align: justify;">
Demonstrations: </div>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>Missing patches and code execution </li>
<li>Management and user accounts analysis</li>
<li>Attacking IP phone support services</li>
</ul>
<br />
<h4 style="text-align: justify;">
2.<span class="Apple-tab-span" style="white-space: pre;"> </span>Signalling Analysis</h4>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>Basics of Protocols (SIP/Skinny)</li>
<li>Authentication and Authorisation Analysis</li>
<li>Signalling Features and Call Spoofing</li>
<li>Restriction Bypass Attacks</li>
<li>Man-In-The-Middle (MITM) Attacks</li>
<li>Custom SIP Tests, Feature and Dial Plan Analysis</li>
<li>Value Added Services Analysis</li>
<li>Encryption Analysis</li>
</ul>
<br />
<div class="p1" style="text-align: justify;">
Demonstrations:</div>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>SIP service discovery</li>
<li>Authentication tests</li>
<li>Enumeration and password attacks </li>
<li>Call, Message and DoS tests</li>
<li>Skinny signalling protocol attacks </li>
<li>SIP MITM module of Viproy and usage</li>
<li>MITM attacks </li>
<li>VAS testing </li>
<li>Call eavesdropping</li>
</ul>
<br />
<h4 style="text-align: justify;">
3.<span class="Apple-tab-span" style="white-space: pre;"> </span>VoIP Clients’ Security</h4>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>Client Management Procedure Analysis</li>
<li>Initialisation, Installation, Update and Upgrade Weaknesses</li>
<li>Support Services (TFTP, DHCP, FTP, HTTP)</li>
<li>Remote Management and Services Analysis </li>
<li>Embedded Software Vulnerabilities</li>
<li>Denial of Service Vulnerabilities </li>
</ul>
<br />
<div class="p1" style="text-align: justify;">
Demonstrations:</div>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>VoIP handset vulnerabilities (Cisco IP Phone)</li>
<li>VoIP softphone vulnerabilities</li>
<li>Attacking to the support services </li>
</ul>
<br />
<h4 style="text-align: justify;">
4.<span class="Apple-tab-span" style="white-space: pre;"> </span>Advanced Attacks </h4>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>Attacking Hosted VoIP Solutions</li>
<li>SIP Proxy Bounce Attack</li>
<li>Fake Services and MITM Fuzzing</li>
<li>(Distributed) Denial of Service</li>
<li>Attacking SIP Soft Switches and SIP Clients</li>
<li>SIP Amplification Attack</li>
<li>Hacking Trust Relationships of SIP Gateways</li>
<li>Attacking SIP Clients via SIP Trust Relationships</li>
<li>Fuzzing in Advance</li>
</ul>
<br />
<div class="p1" style="text-align: justify;">
Demonstrations:</div>
<div class="p1" style="text-align: justify;">
</div>
<ul>
<li>SIP proxy bounce attack</li>
<li>SIP trust hacking</li>
<li>Fuzzing samples </li>
<li>DoS and DDoS attacks </li>
</ul>
</div>
<div style="text-align: justify;">
<br /></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-57852179643707469202014-10-23T07:25:00.000+03:002014-10-24T04:55:59.943+03:00Viproy VoIP Testing Modules Pull Requests for Metasploit Framework<div style="text-align: justify;">
I have made some cosmetic and required changes on the source of Viproy. Some modules, names and functions are changed for the Metasploit Framework compatibility. I need your testing and development support for those modules. I have submitted the Viproy SIP, Skinny, CDP testing modules, CUCDM exploits and libraries to the Metasploit Framework repository as pull requests. Please feel free to obtain the pull requests, try the code and send comments about the code or usage.</div>
<br />
<b>Viproy VoIP Pen-Test Kit pull requests in the Metasploit Framework Repository:</b><br />
<br />
Viproy VoIP Pen-Test Kit - SIP Testing Modules<br />
<a href="https://github.com/rapid7/metasploit-framework/pull/4060">https://github.com/rapid7/metasploit-framework/pull/4060</a><br />
<br />
Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module<br />
<a href="https://github.com/rapid7/metasploit-framework/pull/4060">https://github.com/rapid7/metasploit-framework/pull/4061</a><br />
<br />
Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits<br />
<a href="https://github.com/rapid7/metasploit-framework/pull/4065">https://github.com/rapid7/metasploit-framework/pull/4065</a><br />
<br />
Viproy VoIP Pen-Test Kit - Cisco Skinny Testing Modules<br />
<a href="https://github.com/rapid7/metasploit-framework/pull/4066">https://github.com/rapid7/metasploit-framework/pull/4066</a><br />
<br />
<b>Documentation:</b><br />
<br />
Usage and packet capture samples for SIP modules are available at the following link.<br />
<a href="https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md">https://github.com/fozavci/viproy-voipkit/blob/master/SIPUSAGE.md</a><br />
<br />
Usage and packet capture samples for SIP modules are available at the following link.<br />
<a href="https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md">https://github.com/fozavci/viproy-voipkit/blob/master/SKINNYUSAGE.md</a><br />
<br />
Usage and packet capture samples for the auxiliary Viproy modules are available at the following link.<br />
<a href="https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md">https://github.com/fozavci/viproy-voipkit/blob/master/OTHERSUSAGE.md</a><br />
<br />
Potential testing targets could be <a href="http://www.rebootuser.com/?p=1069" target="_blank">VulnVoIP</a>, AsteriskNow or SipXecs distributions.Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-33112864032124061732014-09-30T09:53:00.000+03:002014-09-30T09:53:31.295+03:00VoIP Wars: Attack of the Cisco Phones (Black Hat USA 2014 Video)Black Hat USA 2014 videos are published yesterday. The following video is my Black Hat USA 2014 presentation, VoIP Wars: Attack of the Cisco Phones. Also I have added the presentation itself and the live demo remake video as well.<br />
<br />
<h1 class="creator-editor-title" style="background: rgb(255, 255, 255); border: 0px; font-family: arial, sans-serif; font-size: 18px; line-height: 1em; margin: 8px 0px; padding: 0px;">
VoIP Wars: Attack of the Cisco Phones (Video)</h1>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='640' height='532' src='https://www.youtube.com/embed/hqL25srtoEY?feature=player_embedded' frameborder='0'></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<h1 class="creator-editor-title" style="background: rgb(255, 255, 255); border: 0px; font-family: arial, sans-serif; font-size: 18px; line-height: 1em; margin: 8px 0px; padding: 0px;">
VoIP Wars: Attack of the Cisco Phones (Presentation)</h1>
<iframe allowfullscreen="" frameborder="0" height="356" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/38045909" style="border-width: 1px; border: 1px solid #CCC; margin-bottom: 5px; max-width: 100%;" width="427"> </iframe><br />
<div style="margin-bottom: 5px;">
<br />
<br />
<h1 class="creator-editor-title" style="background: rgb(255, 255, 255); border: 0px; font-family: arial, sans-serif; font-size: 18px; line-height: 1em; margin: 8px 0px; padding: 0px;">
VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)</h1>
</div>
<iframe allowfullscreen="" frameborder="0" height="360" src="//www.youtube.com/embed/6lUFMXfBw94" width="640"></iframe>Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-62998918967851235412014-09-26T08:21:00.000+03:002014-09-26T08:21:04.585+03:00VoIP Wars and the Awesome Audience<div style="text-align: justify;">
Last year, was my first DEF CON presentation “VoIP Wars: Return of the SIP.” I really enjoyed being a part of this amazing security conference. I presented some next generation VoIP attacks such as SIP trust hacking, SIP proxy bounce attacks and attacking mobile applications through the SIP protocol. I also announced my security assessment tool Viproy VoIP penetration testing kit during the security conference.
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<a href="http://cie.acm.org/blog/voip-wars-and-awesome-audience" target="_blank">Click here to continue reading at ACM - Computers in Entertainment</a></div>
<div style="text-align: justify;">
<br /></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-90748705029269250072014-08-16T15:44:00.001+03:002014-08-17T12:54:45.401+03:00VoIP Wars: Attack of the Cisco PhonesI have shared my Cisco based hosted VoIP networks security research at Blackhat USA 2014 and DEF CON 22 last week. This research contains several different attack vectors, published vulnerabilities, unpatched vulnerabilities, Skinny protocol attacks, new SIP protocol attacks, VOSS IP phone XML services attacks and new version of Viproy VoIP penetration testing kit. I'll prepare a few detailed blog entries for them, before this, you can review the slide set and the recap of the live demos of the presentation.<br />
<br />
<br />
<h1 class="creator-editor-title" style="background: rgb(255, 255, 255); border: 0px; font-family: arial, sans-serif; font-size: 18px; line-height: 1em; margin: 8px 0px; padding: 0px;">
VoIP Wars: Attack of the Cisco Phones (Presentation)</h1>
<iframe allowfullscreen="" frameborder="0" height="356" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/38045909" style="border-width: 1px; border: 1px solid #CCC; margin-bottom: 5px; max-width: 100%;" width="427"> </iframe><br />
<div style="margin-bottom: 5px;">
<br />
<br />
<h1 class="creator-editor-title" style="background: rgb(255, 255, 255); border: 0px; font-family: arial, sans-serif; font-size: 18px; line-height: 1em; margin: 8px 0px; padding: 0px;">
VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)</h1>
</div>
<iframe allowfullscreen="" frameborder="0" height="360" src="//www.youtube.com/embed/6lUFMXfBw94" width="640"></iframe>Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-75120781600984530282014-03-21T02:12:00.000+02:002014-03-21T03:25:11.120+02:00AusCERT 2014 Tutorials from Sense of Security<div style="text-align: justify;">
<a href="http://www.senseofsecurity.com.au/" target="_blank">Sense of Security</a> will have 2 tutorials and 3 presentations at <a href="http://conference.auscert.org.au/" target="_blank">AusCERT</a> 2014, details are accessible at the <a href="http://conference.auscert.org.au/program/tutorials" target="_blank">tutorials</a> and the <a href="http://conference.auscert.org.au/program" target="_blank">presentations</a> pages of the event. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Nathaniel Carew, Nadeem Ahmed Salim and I have prepared a penetration testing tutorial for mobile applications, registration link is accessible from <a href="http://conference.auscert.org.au/program/speakers/fatih-ozavci-nathaniel-carew-and-nadeem-ahmed-salim-sense-of-security-pty-ltd" target="_blank">here</a>. We're planning to explain test procedures of the mobile pen-test, testing tools and the cutting-edge techniques. We will cover iOS and Android platforms for the tutorial, the demonstrations prepared for these platforms as well. They will be based on sample vulnerable applications and real applications from the application stores. The followings are the headlines of the mobile pen-test tutorial.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Penetration Testing for Mobile Applications and Web Services</b></div>
<div class="p1">
</div>
<ul>
<li style="text-align: justify;">Mobile Applications 101</li>
<ul>
<li style="text-align: justify;">Preparing a mobile pen-test lab </li>
</ul>
<li style="text-align: justify;">Auditing platform integration </li>
<ul>
<li style="text-align: justify;">Compile options, Encryption, Storage, Caching, Logs</li>
</ul>
<li style="text-align: justify;">Reverse engineering</li>
<ul>
<li style="text-align: justify;">Unpacking, Deobfuscating, Permission Management</li>
<li style="text-align: justify;">Source code analysis, Protection bypass, Sandbox Issues</li>
<li style="text-align: justify;">Runtime manipulation, Debugging</li>
</ul>
<li style="text-align: justify;">Transport and communication features </li>
<ul>
<li style="text-align: justify;">Certificate pinning, MITM, Fake services</li>
</ul>
</ul>
<br />
<div style="text-align: justify;">
Moreover, Shawn Thompson and I have prepared an another tutorial as well, Next Generation Attacks and Countermeasures for VoIP. Registration link is accessible from <a href="http://conference.auscert.org.au/program/speakers/fatih-ozavci-nathaniel-carew-and-nadeem-ahmed-salim-sense-of-security-pty-ltd" target="_blank">here</a> and the major tool of the tutorial, Viproy, is accessible from <a href="http://viproy.com/" target="_blank">here</a>. We're planning to demonstrate next generation VoIP attacks starting from the LAN attacks to the SIP, Skinny, Trust and Proxy attacks. The beta versions of the new Viproy modules will be in these demonstrations as well such as Skinny signalling protocol attacks, CDP support, Cisco vendor support for SIP, TCP and SSL support for SIP. We will prepare a test lab for the tutorial which includes different SIP servers, VLAN supported switch, Cisco SIP and Skinny services. The followings are the headlines of the mobile pen-test tutorial.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Next Generation Attacks and Countermeasures for VoIP</b></div>
<div class="p1">
</div>
<ul>
<li style="text-align: justify;">Network Infrastructure Analysis</li>
<ul>
<li style="text-align: justify;">WAN/LAN/VLAN analysis, Service discovery</li>
</ul>
<li style="text-align: justify;">IP Telephony Server Security</li>
<ul>
<li style="text-align: justify;">Weak configuration, Management issues</li>
</ul>
<li style="text-align: justify;">SIP, Skinny and RTP Analysis</li>
<ul>
<li style="text-align: justify;">Discovery, Authentication, Call tests, VAS</li>
<li style="text-align: justify;">Enumeration, Eavesdropping, Call Spoofing</li>
</ul>
<li style="text-align: justify;">VoIP Clients’ Security </li>
<li style="text-align: justify;">Advanced Attacks</li>
<ul>
<li style="text-align: justify;">Trust hacking, Proxy hacking, DoS, Fuzzing</li>
</ul>
</ul>
<span style="text-align: justify;">If you have further questions about these tutorials, feel free to contact me at fatih.ozavci at viproy.com. </span><br />
<div class="p1">
<span style="text-align: justify;"><br /></span></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-40792223212042637172013-09-02T17:26:00.002+03:002013-09-02T17:38:02.227+03:00The Notes about my USA Trip: Defcon, Blackhat and Cluecon<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif; text-align: justify;"><span style="font-size: 14px; line-height: 19.984375px;">I have been USA for 2 weeks. I have presented my VoIP research and Viproy VoIP Penetration Testing Kit at Blackhat Arsenal 2013, Defcon 21 and Cluecon 2013. My presentation is below, VoIP Wars: Return of the SIP and you can get Viproy from </span></span><a href="http://www.viproy.com/" style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px; text-align: justify;">www.viproy.com</a><span style="font-family: Helvetica, Arial, Droid Sans, sans-serif; text-align: justify;"><span style="font-size: 14px; line-height: 19.984375px;">. I'll share my USA experience in this blog entry, my plans about Viproy and its new modules/features will be explained in an another blog entry. </span></span><br />
<div style="text-align: justify;">
</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;">This trip was really interesting experience for me, especially Defcon Conference. It was my first USA trip and I was excited because of conferences. Me and my wife have visited a few places before the conferences, such as outlet shopping centers of Las Vegas, Fry's Electronics and Universal Studios at Los Angeles. I bought many electronic gadgets from Fry's, it was a gadget heaven. Also I suggest that you should visit Universal Studios and see Transformers The Ride, it was really awesome. I shared a few photos from there, but the ride experience of Transformers cannot be explained, you should see it. </span></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;"><br /></span></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;">First day of Blackhat, I have visited the Blackhat Arsenal Hall and met with Nabil Ouchn (@toolswatch). He was really cool guy and he did a great work with Black Arsenal. You should check his notes (<a href="http://www.toolswatch.org/2013/08/blackhat-arsenal-usa-2013-wrap-up/" target="_blank">1</a>, <a href="http://www.toolswatch.org/2013/08/blackhat-arsenal-usa-2013-wrap-up-day-2/" target="_blank">2</a>) for Blackhat Arsenal USA. Blackhat Arsenal was really amazing, my favorite tools were Drozer and Armitage. Second day was my presentation and tool demo day at station 6. I started my presentation with a video of Viproy, after this I explained its features and usages of modules. I had Turkish Delight for audience and I invite them to my station 6. I have presented Viproy's usages with demos and I answered their questions at my station. </span></span><span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;">Also I have met with Raphael Mudge (@armitagehacker), his turbo presentation was really cool and we talked a little bit about my plans about Viproy and its integration of Armitage. I really wanted to be there next year.</span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;">Defcon 21 was just like a dream for me, I didn't believe it's happening before I took my badge and speaker materials from registration desk. When I visited the Tracks, I saw that almost ~2000 people were watching a presentation. I checked-in to the speakers room and I reviewed my presentation. I have assisted by a staff to the stage and they helped me to prepare the presentation area. During the presentation, a few guys were behind me and they stopped the presentation. I was shocked because I didn't join any session before my session, I checked-in to the speakers room immediately. It's a tradition that Defcon guys try to get you drunk during your first presentation. Learning this fact on the stage was not awesome, but it helped :) Audience said "drink! drink! drink!" and I finished my first Jack Daniel's shot. Everything was clear after the shot :)</span></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;"><br /></span></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;">I have finished my presentation, I learned that audience did not hear me clearly during the second demo after the session. I had no idea and feedback during the presentation, next year I will be louder :) I have promised a Turkish Rakı as a gift for best question, I gave it to a good guy for his a few questions </span></span><span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;">after the presentation. At last part of my session, </span><span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;">Peiter Zatko (Mudge @dotmudge) came and he congratulates me for my session. He was my hero because of L0pht, we have a photo on the stage now. Also I had a chance to chat with my friends, Max Sobell (@msobell), Jurriaan Breemer (@skeir_t) and Jason Olstrom (@justiceguy). I will attend Defcon 22 </span></span><span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;">definitely</span><span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;">, as a speaker or audience it doesn't matter.</span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, Droid Sans, sans-serif;"><span style="font-size: 14px; line-height: 19.984375px;">We have gone to Chicago after Blackhat and Defcon, for Cluecon 2013. Cluecon is a VoIP conference organized by FreeSwitch team. Many good guys presented their tools, research and experience about FreeSwitch and SIP services. </span></span><span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;">I have attended only second day of the conference, because I was really tired and I have flu.</span><span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"> I had a speech at Security Birds of a Feather session and I presented my VoIP research. I had a chance to meet and chat with Phil Zimmermann, Jon Callas and Travis Cross. </span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><br /></span>
<br />
<div style="text-align: start;">
<iframe allowfullscreen="" frameborder="0" height="480" marginheight="0" marginwidth="0" mozallowfullscreen="" scrolling="no" src="http://www.slideshare.net/slideshow/embed_code/24895384" style="border: 1px solid rgb(204, 204, 204); margin-bottom: 5px;" webkitallowfullscreen="" width="600"></iframe></div>
<div>
<br /></div>
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;">I have a few photos from this USA trip, I shared them below with short description.</span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><br /></span>
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b>Photos from Las Vegas and Los Angeles</b></span><br />
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjinxX9yy7k5p4RMVBN_ItguqIHaQtafhei0tsUbraChCVh-uraJu5kwgvkCyesfqZh3IInnwP-9ai4SrGFJk3dn334V3oBKGL1KTP3Vlj3yGCDOPzl5ad5Io1_i47bDA0YmlPWSt4uLzbz/s1600/Eifell+in+Vegas.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjinxX9yy7k5p4RMVBN_ItguqIHaQtafhei0tsUbraChCVh-uraJu5kwgvkCyesfqZh3IInnwP-9ai4SrGFJk3dn334V3oBKGL1KTP3Vlj3yGCDOPzl5ad5Io1_i47bDA0YmlPWSt4uLzbz/s320/Eifell+in+Vegas.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Eiffel Tower Restaurant - Las Vegas</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxTzcJ2TnMPj8Pgg-xEp5ylNOhi-s65RjhlYhE0EGQojYYY98RHzl3_ShM_6ja_iZ_QlbVUjd0bZOc8caWCNY007nELUve4Per1Qqe5qv24ynDmnwsFDkHNyO9CQyJdAHQ38si5p419P16/s1600/IMG_2905.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxTzcJ2TnMPj8Pgg-xEp5ylNOhi-s65RjhlYhE0EGQojYYY98RHzl3_ShM_6ja_iZ_QlbVUjd0bZOc8caWCNY007nELUve4Per1Qqe5qv24ynDmnwsFDkHNyO9CQyJdAHQ38si5p419P16/s320/IMG_2905.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Luxor Sphinx - Las Vegas</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiouY9jCKNow0Ebg10JnlRHMusili85FFlsx4gzTPOTCuY2MGr7jegKLJHVO8MMIdGFp0H7M3dh3Vmr4BBbjLdtGkGc52ZNnMVdnHwvkNhwMBGOrzfbTaCPfM0mLkQAf3HyjeYEZ1matkFI/s1600/SAM_0020.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiouY9jCKNow0Ebg10JnlRHMusili85FFlsx4gzTPOTCuY2MGr7jegKLJHVO8MMIdGFp0H7M3dh3Vmr4BBbjLdtGkGc52ZNnMVdnHwvkNhwMBGOrzfbTaCPfM0mLkQAf3HyjeYEZ1matkFI/s320/SAM_0020.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Slash and Me :)</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi60FEkBFLjL9jABlLnoPPpwYLQXDTjwaF2-TK-A-oGX4s_XYi0Kka-hHPgQRpxlC2jo8gFHYs_IeeORQ9T3ubbhBEfD-hr4OUAIgc_vo5GnwbdZoB-SMGvF5IotKrEUQQreYQAKghFotyL/s1600/SAM_0028.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi60FEkBFLjL9jABlLnoPPpwYLQXDTjwaF2-TK-A-oGX4s_XYi0Kka-hHPgQRpxlC2jo8gFHYs_IeeORQ9T3ubbhBEfD-hr4OUAIgc_vo5GnwbdZoB-SMGvF5IotKrEUQQreYQAKghFotyL/s320/SAM_0028.JPG" style="cursor: move;" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Preparing to the trip for Los Angeles</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZPpQjS__8_fj6IiuKdtulmUR5EdPCfJtHHyIQsi_jkYdKgSNRAzFsfArq8oEJN1NV6nNpMqEXViO5WmU6Gg5wASDrp_EmSIt9B6Y7VE5uq3Y1ZjDhJNyOOZU5debuKXG36Ve5zKQ93H4Q/s1600/SAM_0072.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZPpQjS__8_fj6IiuKdtulmUR5EdPCfJtHHyIQsi_jkYdKgSNRAzFsfArq8oEJN1NV6nNpMqEXViO5WmU6Gg5wASDrp_EmSIt9B6Y7VE5uq3Y1ZjDhJNyOOZU5debuKXG36Ve5zKQ93H4Q/s320/SAM_0072.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Of course traffic is everywhere</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEino8BXqJ69664X95FSNsL-GlJwYnv7ZXi9AGRwsk0gwcgo4z4q_DisWb0ho93qaG10inLBruguKBtHYTaBbL49P0jLTrX6JLyYixofpBtppQYPITC6CZAFU7f1tPv_7ae_ObfwO397gYvf/s1600/SAM_0099.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEino8BXqJ69664X95FSNsL-GlJwYnv7ZXi9AGRwsk0gwcgo4z4q_DisWb0ho93qaG10inLBruguKBtHYTaBbL49P0jLTrX6JLyYixofpBtppQYPITC6CZAFU7f1tPv_7ae_ObfwO397gYvf/s320/SAM_0099.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Me and my wife - Universal Studios</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHPiGwUCf_BFLRGyBfLe-w0HqNJbmlD4VQos4YO1NCc_BgGEp8F6vdTS4lNmAf2s_vTyiLehBPu2MEe9ukmfgavMbg53S-iAdWPe7cPZGgWQsYa-9BWtOeXq-GOqPDa8C-ksyoyByLxp5E/s1600/SAM_0187.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHPiGwUCf_BFLRGyBfLe-w0HqNJbmlD4VQos4YO1NCc_BgGEp8F6vdTS4lNmAf2s_vTyiLehBPu2MEe9ukmfgavMbg53S-iAdWPe7cPZGgWQsYa-9BWtOeXq-GOqPDa8C-ksyoyByLxp5E/s320/SAM_0187.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
Transformers The Ride 3D - Universal Studios</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmTF2KPQJcpaTZ00Q-iJ030C5pCBPcgWMzv7XIOW2rolRDVEYriasdHmWdVa4Rri0YWrN4L1q1KYbR5WJOeJ6BN2yrgMBYou0wFFXjyJOXHLx0L6Tx96kt8tL553iE2aG_maHHDIk36xsz/s1600/IMG_3033.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmTF2KPQJcpaTZ00Q-iJ030C5pCBPcgWMzv7XIOW2rolRDVEYriasdHmWdVa4Rri0YWrN4L1q1KYbR5WJOeJ6BN2yrgMBYou0wFFXjyJOXHLx0L6Tx96kt8tL553iE2aG_maHHDIk36xsz/s320/IMG_3033.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
AllSpark</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFaPkdU9uhvFLOU4iu-CSL7QXydsaeM0kyXCy40vuHogO3Qk5S680eGDZ4LdKLyDxMBwjjM_zJ7TGgU_3ktUYlHLUgbRz8XtrgEiPDSkhyphenhyphenwzfEYTL1DDb5EAUl5kM41DiwVzFSVNiHehLd/s1600/SAM_0164.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFaPkdU9uhvFLOU4iu-CSL7QXydsaeM0kyXCy40vuHogO3Qk5S680eGDZ4LdKLyDxMBwjjM_zJ7TGgU_3ktUYlHLUgbRz8XtrgEiPDSkhyphenhyphenwzfEYTL1DDb5EAUl5kM41DiwVzFSVNiHehLd/s320/SAM_0164.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
DeLorean DMC 12 a.k.a. Time Machine (BTTF)</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHPmqkUHbFaQ9NzCVCnvmqPSPNbwbbtW-c40QwHKDbLqQabq1A2x7O5zT9jeiXrkUEpYJB3R3HVIF8nJQB5JKgVW9L8Wycc2EmUZDj3d0FQaArAHWlo2lJF0NDk10nQnRzfc8Fjid5rmb4/s1600/SAM_0184.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHPmqkUHbFaQ9NzCVCnvmqPSPNbwbbtW-c40QwHKDbLqQabq1A2x7O5zT9jeiXrkUEpYJB3R3HVIF8nJQB5JKgVW9L8Wycc2EmUZDj3d0FQaArAHWlo2lJF0NDk10nQnRzfc8Fjid5rmb4/s320/SAM_0184.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
DeLorean DMC 12 a.k.a. Time Machine (BTTF)</div>
<br />
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b>Photos from Blackhat USA 2013 </b></span></div>
<div>
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b><br /></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXdv2X0WFjxa1tme8DQJhN2Wx6BqlH4dzevCliEzTHD2N8Uu5TtJ70_SjE-NhTNeP03HqPWoqsXnC8J0gos3v_3zEDlY9U8fXBGUQ45ky7gZpDlfbFmHyWALR6WwdlK9W6o4De6lucuSLh/s1600/Blackhat+Presentation+2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXdv2X0WFjxa1tme8DQJhN2Wx6BqlH4dzevCliEzTHD2N8Uu5TtJ70_SjE-NhTNeP03HqPWoqsXnC8J0gos3v_3zEDlY9U8fXBGUQ45ky7gZpDlfbFmHyWALR6WwdlK9W6o4De6lucuSLh/s320/Blackhat+Presentation+2.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
I'm at Blackhat Arsenal Turbo Presentation</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnOgANDQwr3bTbOt0Y2PjYd3_kNDVvAG7eWYe_rXLpDpFl-TBdKRsCzOVEsJmPTn5KZjipOXgqisS98kFXaR9lC5KjWLDOTxRCj4-tmjQzVDV72sZfQ9gA6tFFLuRk-R0MZ8NVMTbuYgmg/s1600/Blackhat+Presentation.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnOgANDQwr3bTbOt0Y2PjYd3_kNDVvAG7eWYe_rXLpDpFl-TBdKRsCzOVEsJmPTn5KZjipOXgqisS98kFXaR9lC5KjWLDOTxRCj4-tmjQzVDV72sZfQ9gA6tFFLuRk-R0MZ8NVMTbuYgmg/s320/Blackhat+Presentation.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Audience of my turbo presentation.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs_SoD5GdtAfZa5PV0zjH1LK0vw2MIkPridHdTqLuGc205FsdQSceYbAi7meQ7aSskap-6Q1xKSqufmE0V47V7kXu2fe32BOahQx5EBjeGGL-S2v41_om_SwV7zgB2PShf4HZjtvLs9Z4b/s1600/Station+6+-+Delight.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs_SoD5GdtAfZa5PV0zjH1LK0vw2MIkPridHdTqLuGc205FsdQSceYbAi7meQ7aSskap-6Q1xKSqufmE0V47V7kXu2fe32BOahQx5EBjeGGL-S2v41_om_SwV7zgB2PShf4HZjtvLs9Z4b/s320/Station+6+-+Delight.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Station 6 - I'm sharing Turkish Delight</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSWm2-XEsek9kesdvMLaEvg5L7lgHLGoC7FUc5JSUjHELOJ2qyPxSkRC0klX-NEoW5aJ0Ntsg2PLSuhDvhCwJ3bfpEihiuHcs7D5l4K2G1NHRV2oGMwT31fl4eT0mFbvTakHtyFPjEAm1L/s1600/arsenal_stations.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSWm2-XEsek9kesdvMLaEvg5L7lgHLGoC7FUc5JSUjHELOJ2qyPxSkRC0klX-NEoW5aJ0Ntsg2PLSuhDvhCwJ3bfpEihiuHcs7D5l4K2G1NHRV2oGMwT31fl4eT0mFbvTakHtyFPjEAm1L/s320/arsenal_stations.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Blackhat Arsenal Stations</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBqUZDCnxeHk0jPlHOsk6ucGzp7LcC9fEgS9aHUdZCR4n5EI_HDTW5qoJqWB3C5fCtlhE_cq4M2HACT700LPKQ87EWyKOsHWUH0DrWpnYFCw8e6pcyVgnoVkZ2ttt_-RfI4YquQ_6ycqxS/s1600/Blackhat+Presentation+-+Armitage.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBqUZDCnxeHk0jPlHOsk6ucGzp7LcC9fEgS9aHUdZCR4n5EI_HDTW5qoJqWB3C5fCtlhE_cq4M2HACT700LPKQ87EWyKOsHWUH0DrWpnYFCw8e6pcyVgnoVkZ2ttt_-RfI4YquQ_6ycqxS/s320/Blackhat+Presentation+-+Armitage.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Raphael Mudge (@armitagehacker) - Turbo Presentation</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfmWFGm9srHKoEIUQe_iQ90tgg9imvVlIXcKwpXkgPtoa0TxWJpaAHPzKN5HUMnHJadKqlDzWg9IX7kmGhfs-FBxVHmSaWpEH57R3oGg7GGbDHXFK_fUZyzDGucxo3aKFclTUwKkLlgvaW/s1600/general1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfmWFGm9srHKoEIUQe_iQ90tgg9imvVlIXcKwpXkgPtoa0TxWJpaAHPzKN5HUMnHJadKqlDzWg9IX7kmGhfs-FBxVHmSaWpEH57R3oGg7GGbDHXFK_fUZyzDGucxo3aKFclTUwKkLlgvaW/s320/general1.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
General Alexander is speaking about Security vs Surveillance</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0vqAUDVqYtWpcnqofJ8vjBhxF4NmC1EQUzep-VworOc7q2GjdFfreBOFoQGWDkllEvEm54CSVtDDC2XlVYbB-qYyehACFoEfYsV8nTFWUmos1Vu7YEV0JwUsOKLwE5IQFjDj8ZQG_zn7s/s1600/blackhat_hall.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0vqAUDVqYtWpcnqofJ8vjBhxF4NmC1EQUzep-VworOc7q2GjdFfreBOFoQGWDkllEvEm54CSVtDDC2XlVYbB-qYyehACFoEfYsV8nTFWUmos1Vu7YEV0JwUsOKLwE5IQFjDj8ZQG_zn7s/s320/blackhat_hall.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Blackhat Sponsors Hall</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBm9dBEKM5B5WXzg9-IAEFiHlnfmCAynvzjUwZQv0laprURPhfxuwruLVHoZ08aoe6QXIswcU2kA5Ii3BG0wzHrYZsGeTCJhhhJq5Htwsuux8oLEomfDg_snLlnbG5YSusQ3SyYYkTYx35/s1600/cdma_warning.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBm9dBEKM5B5WXzg9-IAEFiHlnfmCAynvzjUwZQv0laprURPhfxuwruLVHoZ08aoe6QXIswcU2kA5Ii3BG0wzHrYZsGeTCJhhhJq5Htwsuux8oLEomfDg_snLlnbG5YSusQ3SyYYkTYx35/s320/cdma_warning.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
CDMA Interception warning for Femtocell Presentation</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQro6wISl_xX_3VzqlXB4TGh9LpGyjbnO7ygSL9dgwRwPbtJUEWFb_pJ_QDolkbsJDbbrs3eUHYCDnXE-GFLBvswURtnsn8t9Zs-Xi_7tPxIHecMnB6S-QIMcT8NMetBI_GYQLpzEcoRXg/s1600/cdma_1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQro6wISl_xX_3VzqlXB4TGh9LpGyjbnO7ygSL9dgwRwPbtJUEWFb_pJ_QDolkbsJDbbrs3eUHYCDnXE-GFLBvswURtnsn8t9Zs-Xi_7tPxIHecMnB6S-QIMcT8NMetBI_GYQLpzEcoRXg/s320/cdma_1.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Slide from Femtocell Presentation</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSZDB_aeXxsAlM-B32E_zEW9evWiAm9osgAwcGblrWqYmdlw7P2xYf_oK67v7URtyNbZAS3VRrz_SW61UaXpUlEJen2Xciah4D8y8b5Msqry3g0XiGfnsdRDCcU6phrTocBDH_PDR66zc8/s1600/cdma_2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSZDB_aeXxsAlM-B32E_zEW9evWiAm9osgAwcGblrWqYmdlw7P2xYf_oK67v7URtyNbZAS3VRrz_SW61UaXpUlEJen2Xciah4D8y8b5Msqry3g0XiGfnsdRDCcU6phrTocBDH_PDR66zc8/s320/cdma_2.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Slide from Femtocell Presentation</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipfj_kR63gUZJX4mLJyCPZw0sNLiKwTekopp5gQ_bhrZC6M5EBuBlb4pZJPBTd6gXPboK3c2vFDY8pgl0JgnepiuuYa3S-rDaEgyBERvxmPF0CXlHdc_UQfVNurMHLhTyl9ItXro9jITkr/s1600/rsa_celebration.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipfj_kR63gUZJX4mLJyCPZw0sNLiKwTekopp5gQ_bhrZC6M5EBuBlb4pZJPBTd6gXPboK3c2vFDY8pgl0JgnepiuuYa3S-rDaEgyBERvxmPF0CXlHdc_UQfVNurMHLhTyl9ItXro9jITkr/s320/rsa_celebration.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Me, Anıl Pazvant (@pazwant) and Kadir Altan (@kadiraltan)</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtC0a3xiStqSHHsiSihlmpG_feZIKCCUvplbIcQGvY2IbOe5caJK_SohutnZU21UhJdgQHpDM_hio3ZR_YXBWuoRDyhW0Rkm0izBhVojpGhSx0EeUo89vgjkFclAEy-7Ky0dn5vAn8jaoP/s1600/Rapid7+Party.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtC0a3xiStqSHHsiSihlmpG_feZIKCCUvplbIcQGvY2IbOe5caJK_SohutnZU21UhJdgQHpDM_hio3ZR_YXBWuoRDyhW0Rkm0izBhVojpGhSx0EeUo89vgjkFclAEy-7Ky0dn5vAn8jaoP/s320/Rapid7+Party.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Rapid7 - Blackhat After Party</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8eRwkVAC7Kn282Bne3m0-CCbFAplWBobtJePr_yBUOwmJ9QFvjUrln5A6-om9_TWmgnNs2LVZjMFPnAX0ex7ABG5ZVpHgjhuJMyS4WzVVCYsulcWikTEN5MU3TSP8GtVXrYdWNXp1XRcM/s1600/Rapid7+Party+2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8eRwkVAC7Kn282Bne3m0-CCbFAplWBobtJePr_yBUOwmJ9QFvjUrln5A6-om9_TWmgnNs2LVZjMFPnAX0ex7ABG5ZVpHgjhuJMyS4WzVVCYsulcWikTEN5MU3TSP8GtVXrYdWNXp1XRcM/s320/Rapid7+Party+2.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Rapid7 Party - Graffiti Wall</div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b><br /></b></span></div>
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b>Photos from Defcon 21</b></span></div>
<div>
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b><br /></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipQcCsPfJPH5y1BzwNbg9pvBF-J6b9Znz2WlKLMXhY9Kw-1z_ASGSLcEjsXsF7izGJ65Ly7FjFfRG8pQ_z6fSTqd9SyciBl5EmGILnlI0pPr9w-W2siPEfrBdRkOd4olTlJ5g_KbwKi66o/s320/Welcome+DF21.JPG" style="color: #0000ee;" width="320" /></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: #0000ee;">Defcon 21</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: #0000ee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgPTSMPk-oj7NzkYfoJzjv4vxnKAEi6h_Q90Ds4pVhxGOr9IDx3oDGiZnxUL9C4bFnZL1EOaRtfVAgyoZ7AKTHy2Ol8SS_rpugksoyBQImY2LJXxhBzzdg-Fm36QLaYjFD-3Rz2c3rebkb/s320/DF21+Book.JPG" style="color: #0000ee;" width="320" /></div>
<div class="separator" style="clear: both; text-align: center;">
My Badge and Brief of my presentation</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8kYqfIZebIIH9VziN64hCXBSNz9WKVcJR80RHd55F346Kub7-lVBc1kfmUih9ekyeVjG0LCcEgftMtm0vhCjbrbeKgqBrsFYufQv-e66VrUh6Mvkjwdv5MKYwQ_f8ck8DdF-39pQmHzEx/s1600/Track2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8kYqfIZebIIH9VziN64hCXBSNz9WKVcJR80RHd55F346Kub7-lVBc1kfmUih9ekyeVjG0LCcEgftMtm0vhCjbrbeKgqBrsFYufQv-e66VrUh6Mvkjwdv5MKYwQ_f8ck8DdF-39pQmHzEx/s320/Track2.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
The audience at Track 2</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8D2e_fXyucVLzmtCiPeeWbeaSoCQE0tCFNKJzR7Z62WF-rUCRjQG4QcFTUuvRLcVM8uKAkK1O9F7Xx-G17xi62OKDoAOOfIwaHkLC-XJvUGTpV1rmO_xghD8r0c1ToUN66YWJ9p3T2Oec/s320/DF21+-+Speakers+Room.JPG" style="color: #0000ee;" width="320" /></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: #0000ee;">Preparing for Presentation at Speakers Room </span></div>
<div>
<span style="color: #0000ee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidAv6m62IvPe7yINf1ZrRyKZiBMq5TWH53RUYpME80PdzOQKzvWBaNOt7q8OIo0U33dWcd55v8qxBTX53zakNwMvmyVrZKXtH-1cxC7DlrxdEGif_3jsuTNDLZOk4onzX8Mzw_l-9eA0-G/s320/DF21+-+Raki+in+the+Speakers+Room.JPG" style="color: #0000ee;" width="320" /></div>
<div class="separator" style="clear: both; text-align: center;">
Turkish Rakı for best question, warming up at speakers room</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjypXqiNM_F1q6c58wyDX_1AoqpGduckZHJOsPV5Hbb931RmbRcpgFpgAK1v5MzN_GMb5E-3OCSFR9zUEHHk-7cC3uAnYLQDR4gXpEUBX0zTvA80-lyapBz_qtdr4ulrWMjJkSjDcf_zwhO/s1600/Turkish+Raki.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjypXqiNM_F1q6c58wyDX_1AoqpGduckZHJOsPV5Hbb931RmbRcpgFpgAK1v5MzN_GMb5E-3OCSFR9zUEHHk-7cC3uAnYLQDR4gXpEUBX0zTvA80-lyapBz_qtdr4ulrWMjJkSjDcf_zwhO/s320/Turkish+Raki.JPG" width="240" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Turkish Rakı, 5 years old, oak aged.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1Ve0CBU6A-VWgg334oEChNo4GxZRpyc-8w5TD7esX617_bTenEVugC4G0bJZl3UNtD9QNxUJrAwQeVJz2sYTGqwbxo0gJufZ9AoZ1B_yk-5eJgIlNFy0zB7vz6sqWO4B0aZLoOb6BpD0Z/s1600/DF21+-+Before+the+Conference.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1Ve0CBU6A-VWgg334oEChNo4GxZRpyc-8w5TD7esX617_bTenEVugC4G0bJZl3UNtD9QNxUJrAwQeVJz2sYTGqwbxo0gJufZ9AoZ1B_yk-5eJgIlNFy0zB7vz6sqWO4B0aZLoOb6BpD0Z/s320/DF21+-+Before+the+Conference.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Left side of my audience were waiting my presentation</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglmSIvyYw2DSU9appvoLpnVnaO6KsYH3JU6229_mL1pBBlZ_phIrN-NxB8VyABGuGvtBXfi8t2yBSY_PGFP0DmvM71KXlG47xjrK2VPRMVmGX5P52RYYha4bsJqwNwQUoqybMjtmeLSlRQ/s1600/DF21+-+Mudge.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglmSIvyYw2DSU9appvoLpnVnaO6KsYH3JU6229_mL1pBBlZ_phIrN-NxB8VyABGuGvtBXfi8t2yBSY_PGFP0DmvM71KXlG47xjrK2VPRMVmGX5P52RYYha4bsJqwNwQUoqybMjtmeLSlRQ/s320/DF21+-+Mudge.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Me and Mudge at Stage</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2OVlwqgp3odCB2iNwbRk1sPu4MEdGTlgbewMQrjm7iT3jfH-b8jNvA1857pVO1zlN6MA74i5tjLrkswoDC659eofvHcjWPmhSKxul0gV0Rdu38aeoqLof_Ez0HTEq3sHDxwJ9pzK0gTuN/s1600/DF21+-+Gift.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2OVlwqgp3odCB2iNwbRk1sPu4MEdGTlgbewMQrjm7iT3jfH-b8jNvA1857pVO1zlN6MA74i5tjLrkswoDC659eofvHcjWPmhSKxul0gV0Rdu38aeoqLof_Ez0HTEq3sHDxwJ9pzK0gTuN/s320/DF21+-+Gift.JPG" width="240" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Lucky guy who asked smartest questions :)</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigZp8gip67ExuUiX3zgWvmPIFHQHny7SxsG4aqRT3PzKOUS3-ycLqWGqxhnmXqz0Thv4kTi6rXIGx_sAQP91BpDMScsrhizZC2GQd4HLz3zFK7_jKxqClowaqSaH3UxaAMoKGUBjCPlk6U/s1600/DF21+-+Jason+Olstrom.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigZp8gip67ExuUiX3zgWvmPIFHQHny7SxsG4aqRT3PzKOUS3-ycLqWGqxhnmXqz0Thv4kTi6rXIGx_sAQP91BpDMScsrhizZC2GQd4HLz3zFK7_jKxqClowaqSaH3UxaAMoKGUBjCPlk6U/s320/DF21+-+Jason+Olstrom.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Me and Jason Olstrom (@justiceguy)</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU_agWZ-FdtDAm19dbiQB-yx4XFcTcW0T9_mPzxRSQ7DDNo5eFPh3yvQoNXYdC1nRTTNtP-3CdJlfUqedvrrQk5HgnaYZgc5VeNMh9GaFrOtztpiQ4EDbEXbyuTJ3Gtyq4cznNKjd7zC5e/s1600/DF21+-+Max+Sobell.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU_agWZ-FdtDAm19dbiQB-yx4XFcTcW0T9_mPzxRSQ7DDNo5eFPh3yvQoNXYdC1nRTTNtP-3CdJlfUqedvrrQk5HgnaYZgc5VeNMh9GaFrOtztpiQ4EDbEXbyuTJ3Gtyq4cznNKjd7zC5e/s320/DF21+-+Max+Sobell.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Me and Max Sobell (@msobell)</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmUMK7saAY1QTQKywnNK29RgWMuxnN4QSxFdq8NjJeYVUoPQ8EJ-zviqU9njpaR_BollII1l7eGJcM0IAY8N-AQqzvblUAukijvQ27jrOF0VrmRfb3e-L-8PXx0K-H2pmYyuqDqRW28-tH/s1600/DF21+-+Raphael.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmUMK7saAY1QTQKywnNK29RgWMuxnN4QSxFdq8NjJeYVUoPQ8EJ-zviqU9njpaR_BollII1l7eGJcM0IAY8N-AQqzvblUAukijvQ27jrOF0VrmRfb3e-L-8PXx0K-H2pmYyuqDqRW28-tH/s320/DF21+-+Raphael.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Me and Raphael Mudge (@armitagehacker)</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnW7pVcxbqX9Gzj8W60hbfsMdNGJ8Dl_l_6_6D07kLzVd95pz9Un5XtnCFLuPxdZvCUPaZcElUqcEO90wGm_4gI1reOCGcxqWb_tt5kNPT_iASajS6OkYCInfzbFcIehMXSUN0AXXNgG8f/s1600/DF21+-+Real+Voodoo.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnW7pVcxbqX9Gzj8W60hbfsMdNGJ8Dl_l_6_6D07kLzVd95pz9Un5XtnCFLuPxdZvCUPaZcElUqcEO90wGm_4gI1reOCGcxqWb_tt5kNPT_iASajS6OkYCInfzbFcIehMXSUN0AXXNgG8f/s320/DF21+-+Real+Voodoo.JPG" width="240" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Real Voodoo Babes for Real Penetration Testing at Defcon Hall</div>
<div class="separator" style="clear: both; text-align: center;">
I Tested, It Worked!</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzXxa263H30o-YmBcAzmP4M3M5e2zgUlj6PVYzNJbeoQJirTTCzCXA3NTMJsHUZMTFBdEaPs6TnEx8Eg7SUE_yb2PlbSRlqP25Gptax7j9AsUITyHxVzBaU8M8XNSy9b3Q3frohYzcHKWi/s1600/Defcon+21+Hall.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br class="Apple-interchange-newline" /><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzXxa263H30o-YmBcAzmP4M3M5e2zgUlj6PVYzNJbeoQJirTTCzCXA3NTMJsHUZMTFBdEaPs6TnEx8Eg7SUE_yb2PlbSRlqP25Gptax7j9AsUITyHxVzBaU8M8XNSy9b3Q3frohYzcHKWi/s320/Defcon+21+Hall.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Photo from Defcon Hall</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbE439kxSUSPkE190Sa-WHc35zNnBwKxfCVbUFOkXKbfFKrCVtppRnRgjUuMDlGERzFuOwd8WsZHICDlbqT1lAf3rMncnsZRHP8ZSdjmyEPealqud7O2TF0gMyF7Zu0bQO93gITIUrs-XJ/s1600/DF21+-+Hall+Raphael.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbE439kxSUSPkE190Sa-WHc35zNnBwKxfCVbUFOkXKbfFKrCVtppRnRgjUuMDlGERzFuOwd8WsZHICDlbqT1lAf3rMncnsZRHP8ZSdjmyEPealqud7O2TF0gMyF7Zu0bQO93gITIUrs-XJ/s320/DF21+-+Hall+Raphael.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Raphael Mudge is explaining features of Armitage and Cobalt Strike</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2FhytYkPR9GDxHzOzWcK-OiTrIF_fdww1Tqm7TuzM1qDusHcrsVEiN3rbsX6vT-3P3m4RkciO86gjYiHgg10U4wGhVPMlSPa_WO7DNYZ32Z4wOZBw4taaVEaGsibHr94xZurXAgFpyH84/s1600/DF21+-+RFID+Conf.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2FhytYkPR9GDxHzOzWcK-OiTrIF_fdww1Tqm7TuzM1qDusHcrsVEiN3rbsX6vT-3P3m4RkciO86gjYiHgg10U4wGhVPMlSPa_WO7DNYZ32Z4wOZBw4taaVEaGsibHr94xZurXAgFpyH84/s320/DF21+-+RFID+Conf.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
RFIdeas Tools </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfbN18S05cpkIgYPpbZooVphYo9e0BVZIK_984zvubWY0oCo-3NJCxRIK9j_AYrqhr7w7670hqDPxLZprUuMUPaIda_o_xUOiOv685yxYTkSZhhjD5T2GeWsIERcJKzOUduRPwUcIeXfaT/s1600/DF21+Cafe.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfbN18S05cpkIgYPpbZooVphYo9e0BVZIK_984zvubWY0oCo-3NJCxRIK9j_AYrqhr7w7670hqDPxLZprUuMUPaIda_o_xUOiOv685yxYTkSZhhjD5T2GeWsIERcJKzOUduRPwUcIeXfaT/s320/DF21+Cafe.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Defcon Cafe</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBRV79BjT77LBimlNjM29zZTmdho_s8iYdQvZkYRvYL8KOcoQ1lnuI9g5Q8qgpT0FgjeZjamh5zgl1O4ZwbAL8UetieTD0KqFVk6bDuFnAZzVyA3qzA_16XiaMlJdPDX1cP3TxTn7jkR4_/s1600/DF21+Hall+5.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBRV79BjT77LBimlNjM29zZTmdho_s8iYdQvZkYRvYL8KOcoQ1lnuI9g5Q8qgpT0FgjeZjamh5zgl1O4ZwbAL8UetieTD0KqFVk6bDuFnAZzVyA3qzA_16XiaMlJdPDX1cP3TxTn7jkR4_/s320/DF21+Hall+5.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Photo from Defcon Hall</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM1sHyJPnFGbmL7h6c7K7gLk1y8boOcCf6Qnq_uWP-ePoPxEorPvfzwhhwabeJzyLFShbQmhW9EQSEQYfzUitjnKTqYhCiuvbAsWUo0MAWZtnP5vtbMbcXeuDyCuJNzs9CnqgjX_M-O7xR/s1600/DF21-Hall2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM1sHyJPnFGbmL7h6c7K7gLk1y8boOcCf6Qnq_uWP-ePoPxEorPvfzwhhwabeJzyLFShbQmhW9EQSEQYfzUitjnKTqYhCiuvbAsWUo0MAWZtnP5vtbMbcXeuDyCuJNzs9CnqgjX_M-O7xR/s320/DF21-Hall2.JPG" width="240" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Zeyna at Defcon Hall</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMhmU6o-nujQm8sdSU7CdtIobzxHj-jJ8JNpWUT9ozJISA2Ge_8INSb9Pxo33HRNilUbUJt41oroSpF4DO4EsmzrQHSofKyd9ztMrOr8_WAkS5Stf0PWHccD4xuPe1b5CfCIRfdSPxnOve/s1600/Hardware+Hacking+Hall.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMhmU6o-nujQm8sdSU7CdtIobzxHj-jJ8JNpWUT9ozJISA2Ge_8INSb9Pxo33HRNilUbUJt41oroSpF4DO4EsmzrQHSofKyd9ztMrOr8_WAkS5Stf0PWHccD4xuPe1b5CfCIRfdSPxnOve/s320/Hardware+Hacking+Hall.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Hardware Hacking Hall</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_NnXiBXe5TJ3AepBbQO8X1uDFjP4BZUuD17aKv9w-ww7o206RhnJo3on6t2VYb4CBRwDeuAUxzognhJS7iwab7Un8HATjm600mrfUz3YqFAhYUnzieq-llp3aVKn5gdLDm1X2_2PAIFYj/s1600/Monkey+-+Hardware+Hacking.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_NnXiBXe5TJ3AepBbQO8X1uDFjP4BZUuD17aKv9w-ww7o206RhnJo3on6t2VYb4CBRwDeuAUxzognhJS7iwab7Un8HATjm600mrfUz3YqFAhYUnzieq-llp3aVKn5gdLDm1X2_2PAIFYj/s320/Monkey+-+Hardware+Hacking.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Monkey the Hardware Hacker</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY9I5wEu0gYF5UAh_rMrpL50eCr8eAGNJKeV7Ve_EV3J0kXuvzZ4P0vE5ujYlhbhQbip0xBbVOTH8C4Q_r4oBlLNivgzvwLxqIgdankkFHHP8iUujXiECfyeEQHEM0GC_o1wHrq8u4M_0f/s1600/Closing+Ceramony.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY9I5wEu0gYF5UAh_rMrpL50eCr8eAGNJKeV7Ve_EV3J0kXuvzZ4P0vE5ujYlhbhQbip0xBbVOTH8C4Q_r4oBlLNivgzvwLxqIgdankkFHHP8iUujXiECfyeEQHEM0GC_o1wHrq8u4M_0f/s320/Closing+Ceramony.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Closing Ceremony of Defcon 21</div>
<br />
<div style="text-align: justify;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b>Photos from Cluecon 2013, Chicago</b></span></div>
<div>
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b><br /></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQguLrTPEijN4YG_T_HWUGnsvLiF7ntwTQjiIFQ1ke-ox6NMhd4F8lxNp6g3VNUWRJuaYjw2NaTi-uMK5GPPca0NY9tqpmTDBR9bDphWhkUiieyTEgw07AGi4_MuBgKbPFS2uORjxyNcOA/s1600/Cluecon.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQguLrTPEijN4YG_T_HWUGnsvLiF7ntwTQjiIFQ1ke-ox6NMhd4F8lxNp6g3VNUWRJuaYjw2NaTi-uMK5GPPca0NY9tqpmTDBR9bDphWhkUiieyTEgw07AGi4_MuBgKbPFS2uORjxyNcOA/s320/Cluecon.JPG" width="240" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Cluecon 2013</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3KBiMsgHYcGCx4D0MgFPKL6AkXfXxIsUisptpmJ3_C39lWRRwOdh9x5PcY0O6HXIGeSOOAG38oiFGXuxDBF68b_vkIjDLSGl1hjmVAjQYxhLX_j_q-ABJTdVuRdMda_YbwSHd_DWpfsIU/s1600/MousePads+from+Cluecon.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3KBiMsgHYcGCx4D0MgFPKL6AkXfXxIsUisptpmJ3_C39lWRRwOdh9x5PcY0O6HXIGeSOOAG38oiFGXuxDBF68b_vkIjDLSGl1hjmVAjQYxhLX_j_q-ABJTdVuRdMda_YbwSHd_DWpfsIU/s320/MousePads+from+Cluecon.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Mouse Pad from Cluecon</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlq6j16NltbnE_01PO9CErbVwdVXwApysjAMUaUINlS-8JL87gkWyjU568fP5BTdPFocnew7lgSCur5DwTtFRtQZaFvRef2gN44WOSGG6lXhKWQIU72A1ZYcBxwTn9U4qhPgTO0wmqD8Mq/s1600/Cluecon1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlq6j16NltbnE_01PO9CErbVwdVXwApysjAMUaUINlS-8JL87gkWyjU568fP5BTdPFocnew7lgSCur5DwTtFRtQZaFvRef2gN44WOSGG6lXhKWQIU72A1ZYcBxwTn9U4qhPgTO0wmqD8Mq/s320/Cluecon1.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Audience of Cluecon</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7kf_ilo-gnsRPqEZrjEFOTmNRMFrZV_zdeFFuxXVg9aBLVib_YTCWQ0idmt2aKo11YKmRH1D7Ub8JQKq87Cuib5Z606Bi1pJGwWRcLLBch3OinvbjhavB97HGgZ3YWIbQ4QbqZmZfNoqf/s1600/Cluecon+-+Phil+Zimmerman.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7kf_ilo-gnsRPqEZrjEFOTmNRMFrZV_zdeFFuxXVg9aBLVib_YTCWQ0idmt2aKo11YKmRH1D7Ub8JQKq87Cuib5Z606Bi1pJGwWRcLLBch3OinvbjhavB97HGgZ3YWIbQ4QbqZmZfNoqf/s320/Cluecon+-+Phil+Zimmerman.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Phil Zimmermann is speaking</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwVUK-EndTfmWg0Tpr71gGkv-CorikbnS4ScCudXSJd5ZQnDVImwudK6YBONf-zvpWH7SIkgle8VUNfF24LoRqCyDfXcO-LJHdnA77gyDgKdOT3kN3FxrmhjESipaIqoLYvKZvUCXJ8MMU/s1600/Travis+and+Phill+-+Cluecon.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwVUK-EndTfmWg0Tpr71gGkv-CorikbnS4ScCudXSJd5ZQnDVImwudK6YBONf-zvpWH7SIkgle8VUNfF24LoRqCyDfXcO-LJHdnA77gyDgKdOT3kN3FxrmhjESipaIqoLYvKZvUCXJ8MMU/s320/Travis+and+Phill+-+Cluecon.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Travis and Phil answer questions at Security BoF</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMRamZ4FA4yh94U7FEKmaesaehNRGUjzbC228klGZ3d5Fn3QQbv49y-Lym_DNWttTvRNdGEwpyBJzKYiezEAifIYmQ22yeOjIEEQ9zU4qm2ewVzB-9g9BfhlRS6oVKY6iFnQPgQCknMwyk/s1600/Travis+and+Phill+-+Clueon2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMRamZ4FA4yh94U7FEKmaesaehNRGUjzbC228klGZ3d5Fn3QQbv49y-Lym_DNWttTvRNdGEwpyBJzKYiezEAifIYmQ22yeOjIEEQ9zU4qm2ewVzB-9g9BfhlRS6oVKY6iFnQPgQCknMwyk/s320/Travis+and+Phill+-+Clueon2.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
Phil Zimmermann, Me and Travis Cross.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 19.984375px;"><b>Photos from Chicago, the last day of the trip</b></span></div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEialJCVF8y7g-T7poPe6mViMi6J-DyXEfR42mxGj1peLMohyphenhyphen56aFMiMkyrzH7RdQEVbF4b8RcTrZ_t9qhJBNf7Hxh6i9863oPkLBawPF50T44VBFudNuYmh9_eCN4qVwesxIju8mcEJEaOl/s1600/SAM_0260.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEialJCVF8y7g-T7poPe6mViMi6J-DyXEfR42mxGj1peLMohyphenhyphen56aFMiMkyrzH7RdQEVbF4b8RcTrZ_t9qhJBNf7Hxh6i9863oPkLBawPF50T44VBFudNuYmh9_eCN4qVwesxIju8mcEJEaOl/s320/SAM_0260.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAAHFUH92YdmA34lXNfFnK6Gwg_gwlg6nU5lDmuURjrHECpHD3PSccB673ne224WZHPzX2NobIZc5yDAoJpZGf-4BNoUsislPLzjRJ32e0mfweCarape3-250DyzMsZsHgjoI03oEsXPxS/s1600/SAM_0267.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAAHFUH92YdmA34lXNfFnK6Gwg_gwlg6nU5lDmuURjrHECpHD3PSccB673ne224WZHPzX2NobIZc5yDAoJpZGf-4BNoUsislPLzjRJ32e0mfweCarape3-250DyzMsZsHgjoI03oEsXPxS/s320/SAM_0267.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWMUc-PDoww4u4CYCSAPoVWnW66kmw_QvBra56Z4VisiWkRUUMc4pqIKkoSPs9mDJjzoBLDD89rD37cMAD4mOvDeTk1l5Lb3ylIK8u1Z101vPJYmcJ6oajuSdtCpHFrXrF2E5IpUyw5hsa/s1600/Chicago+-+Pizza.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWMUc-PDoww4u4CYCSAPoVWnW66kmw_QvBra56Z4VisiWkRUUMc4pqIKkoSPs9mDJjzoBLDD89rD37cMAD4mOvDeTk1l5Lb3ylIK8u1Z101vPJYmcJ6oajuSdtCpHFrXrF2E5IpUyw5hsa/s320/Chicago+-+Pizza.JPG" width="320" /></a> </div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0xUCJREMdx_9vnXurb9_33rO6h4-BPNgHJXSFPIJfiRcCpP6yyXFP2mkghyphenhyphenmIWFvVp0fXahdYsVZun7eYHUrAD3UgBElUdr2KnTAHydLYKlzR849C0MU7_zkkXhb1z3dSCkBoqHqBFZCP/s1600/SAM_0309.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0xUCJREMdx_9vnXurb9_33rO6h4-BPNgHJXSFPIJfiRcCpP6yyXFP2mkghyphenhyphenmIWFvVp0fXahdYsVZun7eYHUrAD3UgBElUdr2KnTAHydLYKlzR849C0MU7_zkkXhb1z3dSCkBoqHqBFZCP/s320/SAM_0309.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUXk9OtJFkNlGC87jomW7CNwhupY40l4bIc3W7KjV1PWKqMyH_5AoevZSPmPqrxmKrvNA0rlftMNpnDojtkp2EQlZ-mJeqz5PvaYIk-ilf0BavUhzT7mNX0O03eRAYzcMJUR9PbU0JjZYp/s1600/SAM_0377.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUXk9OtJFkNlGC87jomW7CNwhupY40l4bIc3W7KjV1PWKqMyH_5AoevZSPmPqrxmKrvNA0rlftMNpnDojtkp2EQlZ-mJeqz5PvaYIk-ilf0BavUhzT7mNX0O03eRAYzcMJUR9PbU0JjZYp/s320/SAM_0377.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-5697362602172675922013-06-18T15:45:00.001+03:002013-06-18T16:27:45.560+03:00Hacking SIP Like a Boss! (Athcon 2013) Live Demo RemakeI had a presentation at Athcon 2013, Hacking SIP Like a Boss!. I have showed a Live Demo after Basic Usage Videos. This video is remake of Live Demo part. You can check basic usage of Viproy VoIP Penetration Kit from <a href="http://www.youtube.com/watch?v=AbXh_L0-Y5A" target="_blank">here</a>.<br />
<br />
<b>Live Demo Headlines</b><br />
<ol>
<li>SIP Proxy Bounce Attack</li>
<li>Hacking SIP Trust Relationships</li>
<li>Attacking Mobile Applications Using SIP Trust</li>
</ol>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='640' height='480' src='https://www.youtube.com/embed/bSg3tAkh5gA?feature=player_embedded' frameborder='0'></iframe></div>
<br />
<br />
Viproy VoIP Penetration Kit Homepage<br />
http://viproy.com/voipkit<br />
<br />
Blog<br />
http://fozavci.blogspot.com<br />
<div>
<br /></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-38646532614920210992013-06-12T14:31:00.002+03:002013-06-12T15:47:58.951+03:00Blackhat Arsenal USA 2013Viproy VoIP Penetration Testing and Exploitation Kit is accepted for Blackhat Arsenal USA 2013. It will be amazing for me, I will present it at Las Vegas, USA. Blackhat Arsenal USA 2013 line up is announced and many good tools are waiting for us. You can check all tools and author via this <a href="http://www.blackhat.com/us-13/arsenal.html" target="_blank">Blackhat Arsenal USA</a> page.<br />
<br />
Line up contains many cool tools. My favorite tools are armitage, dalvik inspector, drozer, gotbeef, hookme, smartphone pen-test framework, set and vega. They have created an <a href="http://www.blackhat.com/us-13/speakers/Fatih-Ozavci.html" target="_blank">author page</a> for me, I liked it :-)<br />
<br />
I'm working on a few modules for Viproy and I'm planning to announce them at Blackhat Arsenal USA 2013. SIP Message support, DDOS via SIP servers and MITM Fuzzing modules are coming.Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-60313927047324778402013-06-12T14:12:00.004+03:002013-06-12T15:33:52.416+03:00Athcon 2013 - Presentation, Notes and Photos<div style="text-align: justify;">
Athcon is annual, two-day security conference at Greece. I have presented "Hacking SIP Like a Boss" there and I had so much fun. It was amazing and there were really cool presentations at Athcon. Also I have met a few good friends such as Juriaan Breemer (@skier_t), George Nicolaou (@george_nicolaou), Michele Orru' (@antisnatchor), Ben Williams (@insidetrust) and Max Sobell (@msobell). Great thanks to Christian Papathanasiou, Kyprianos Vasilopoulos and the Athcon team. They have created an impressive security conference at Greece.</div>
<br />
My favorite presentations at Athcon<br />
<ul>
<li>Rooting your internals: custom shellcode, BeEF and Inter-Protocol Exploitation (Michele Orru')</li>
<li>Attacking NFC Mobile Wallets: Where Trust Breaks Down (Max Sobell)</li>
<li>Automated analysis and Deobfuscation of Android Apps & Malware (Jurriaan Bremer)</li>
<li>The Icarus story (George Nicolaou)</li>
<li>Hacking Appliances: Ironic exploits in security products (Ben Williams)</li>
</ul>
<br />
Slide Set of Hacking SIP Like a Boss!<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="470px" marginheight="0" marginwidth="0" mozallowfullscreen="" scrolling="no" src="http://www.slideshare.net/fozavci/slideshelf" style="border: none;" webkitallowfullscreen="" width="640px"></iframe>
<br />
Special thanks to Athcon team, because they let me add a few slides in my presentation about Gezi Park Protest in Istanbul (#occupygezi). You can check them in my presentation.<br />
<div>
<br /></div>
<div>
<br /></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM-jm9JXUkBPBxlUeXOVFwanZ1ljnWXGqTz8RfX0rWNmeFXVQIaN4Dk4bNHhZ4y_VIMRA_lCO_4PBbdiJLvPF4tDsqAGZdwCJmgwLmd8NjDe4fz7z8fcqVHqKkx8jL0Tf_Prn3GhiUV_32/s1600/IMG_2075.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM-jm9JXUkBPBxlUeXOVFwanZ1ljnWXGqTz8RfX0rWNmeFXVQIaN4Dk4bNHhZ4y_VIMRA_lCO_4PBbdiJLvPF4tDsqAGZdwCJmgwLmd8NjDe4fz7z8fcqVHqKkx8jL0Tf_Prn3GhiUV_32/s320/IMG_2075.JPG" width="320" /></a><br />
<br />
Of course, pics or it didn't happen! :-) (continue for pics...)<br />
<br />
<a name='more'></a><br />
<br class="Apple-interchange-newline" />
Our Amazing Athcon Badges :)<br />
<br />
<div class="separator" style="clear: both;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9fQIAYuPcxHFxFkxhBzKrJv_bh51em78NzoHQUxRIHkvKZ5z7kcuSyF5D9tdohgsDHBNaaWlMSKWk4CMHviAYXD5P6zvnOIzRCk6QzPt2ezJOF3GtPQW6lgc6aKQAYF9A-E_LicjTBxdm/s1600/IMG_2093.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9fQIAYuPcxHFxFkxhBzKrJv_bh51em78NzoHQUxRIHkvKZ5z7kcuSyF5D9tdohgsDHBNaaWlMSKWk4CMHviAYXD5P6zvnOIzRCk6QzPt2ezJOF3GtPQW6lgc6aKQAYF9A-E_LicjTBxdm/s640/IMG_2093.JPG" width="480" /></a></div>
<div class="separator" style="clear: both;">
<br /></div>
Morning of First Day - Juriaan and George<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKKvc6xMSE1O0AuHvdcfCH0-rabETVczhm-FAxqYHELUNSQ-iizqZjH7FBwFRK7XZmcBo3UAP9nBL1K5IV1YM2igpzELZ6HQvWahkWexl8No7u05RAKqV48NOo8W_AkfSYoe_q2oD73xSQ/s1600/IMG_2060.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKKvc6xMSE1O0AuHvdcfCH0-rabETVczhm-FAxqYHELUNSQ-iizqZjH7FBwFRK7XZmcBo3UAP9nBL1K5IV1YM2igpzELZ6HQvWahkWexl8No7u05RAKqV48NOo8W_AkfSYoe_q2oD73xSQ/s640/IMG_2060.JPG" width="640" /></a></div>
<br />
Morning of First Day - Michele, Chris and Thomas<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGEFVIDw7XnyMqXrTH_0YFXes4aVkF7mo1ylTpKlKWxTVOFDYm6Y0dDd5fSgT4VvPOrIlnpH3v3yifl2HiBzDOsS5Axju2nQ_iWYvyJcBASHA7sgrewrjmubmKCv9UdEEOLNoW1vj1xCMG/s1600/IMG_2067.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGEFVIDw7XnyMqXrTH_0YFXes4aVkF7mo1ylTpKlKWxTVOFDYm6Y0dDd5fSgT4VvPOrIlnpH3v3yifl2HiBzDOsS5Axju2nQ_iWYvyJcBASHA7sgrewrjmubmKCv9UdEEOLNoW1vj1xCMG/s640/IMG_2067.JPG" width="640" /></a></div>
<div style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: start;">
We Get Root!</div>
<div class="separator" style="clear: both; text-align: start;">
<br /></div>
<div class="separator" style="clear: both; text-align: start;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT7u0g-l8dJWJ4XLU21dNwUd4EbOHkX2elRqPXyTNJTnnzNhzOXF_sYdk-K6oa6bh4Q0IympHoN39gtDiBDLiRnb5oMMMbskziexwTCqimE0i9nojaXohd9YoLiN1tS494tXA6TvtQ55g-/s1600/IMG_2062.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT7u0g-l8dJWJ4XLU21dNwUd4EbOHkX2elRqPXyTNJTnnzNhzOXF_sYdk-K6oa6bh4Q0IympHoN39gtDiBDLiRnb5oMMMbskziexwTCqimE0i9nojaXohd9YoLiN1tS494tXA6TvtQ55g-/s640/IMG_2062.JPG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Presentation of Max Sobell </div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgau4I4yUp4ubWEjAdvCf_bZgtfy33kMEM9sKaMaxilO5fs_uwff54GeB-bVCWOH_rx_StyWc07Isvt8ix9FUJuapWa049qO8Ier-94odfWA2t8BG_Wj95m0PMCXNKWUDRDQVOlQ878jPH4/s1600/IMG_2068.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgau4I4yUp4ubWEjAdvCf_bZgtfy33kMEM9sKaMaxilO5fs_uwff54GeB-bVCWOH_rx_StyWc07Isvt8ix9FUJuapWa049qO8Ier-94odfWA2t8BG_Wj95m0PMCXNKWUDRDQVOlQ878jPH4/s640/IMG_2068.JPG" width="640" /></a></div>
<br />
Presentation of Michele Orru'<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq5Pf4x8KRVcsX6Lg91dD0uCYr-nDoU4Q_rQQehVz_3MOBJWC2N9GJ630eJpu6_0FC6YkZFjE-LpkOsL1Gi13Fk1CD3qUUnJ_ThjTj_eDLREZUijxvEVQObIsOoOp8OzJVGjKwbboKbpRU/s1600/IMG_2071.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq5Pf4x8KRVcsX6Lg91dD0uCYr-nDoU4Q_rQQehVz_3MOBJWC2N9GJ630eJpu6_0FC6YkZFjE-LpkOsL1Gi13Fk1CD3qUUnJ_ThjTj_eDLREZUijxvEVQObIsOoOp8OzJVGjKwbboKbpRU/s640/IMG_2071.JPG" width="640" /></a></div>
<br />
Capture The Flag<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpl5Grapchjbr34oowG5Xi7qKVtMFzH2v15KQacEkqq4mAXD-Ycdyiyn0GbnY1Kq7Of6ivEeFfMUTwv6GivLvVA8aZljrhX8G3mnxoFgbwgt02TXB7H5VsY47ZtIhSa02F6VN4giyr5Wux/s1600/IMG_2086.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpl5Grapchjbr34oowG5Xi7qKVtMFzH2v15KQacEkqq4mAXD-Ycdyiyn0GbnY1Kq7Of6ivEeFfMUTwv6GivLvVA8aZljrhX8G3mnxoFgbwgt02TXB7H5VsY47ZtIhSa02F6VN4giyr5Wux/s640/IMG_2086.JPG" width="640" /></a></div>
<br />
Coffee Break - Amr, I Couldn't Remember :), Chris, Juriaan and Me<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtIUzcJtsuyybArfwYjempT_-Ly7g6K4OAC-hjUam9etk1HluuKE2FqFQBtQGoqC49ew8IIfhRd506UL4UXZDnwX1aQ_68y8lCJj3jj1qvu5_vRbWXrjWGY1Ee2r7H21MSZ3JfMp3vyNzg/s1600/IMG_2089.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtIUzcJtsuyybArfwYjempT_-Ly7g6K4OAC-hjUam9etk1HluuKE2FqFQBtQGoqC49ew8IIfhRd506UL4UXZDnwX1aQ_68y8lCJj3jj1qvu5_vRbWXrjWGY1Ee2r7H21MSZ3JfMp3vyNzg/s640/IMG_2089.JPG" width="640" /></a></div>
<br />
After the first day - Juriaan, Michele and George<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg56gOXSekbWzDNUkUz8EMzB8tdqXmERQUrhDWXpNDS_u3lToXwm2pzwLhUGjBT12WAcC6bEMx3wFHuwdOm3ddCHxS1ybzsXwFt0ngdmsmi1wSxqcNsZLtawRz_8Syuc7zmZUOPt_WcN0Xq/s1600/IMG_2090.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg56gOXSekbWzDNUkUz8EMzB8tdqXmERQUrhDWXpNDS_u3lToXwm2pzwLhUGjBT12WAcC6bEMx3wFHuwdOm3ddCHxS1ybzsXwFt0ngdmsmi1wSxqcNsZLtawRz_8Syuc7zmZUOPt_WcN0Xq/s640/IMG_2090.JPG" width="640" /></a></div>
<br />
Hacking SIP Like a Boss<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkBPIaNHghoJ2KJq3ToG-UaQ04KToRZONxk7ltrNSJlXqMthP7IpTvdd6iZOyk9uQ6D5ZGOfaa_nDVauxiP_AZVl8GoAF_ie1KGrXZ3nnEG73gMtyrH7kG5YcewBSqB13dhcCHwj4svnsy/s1600/IMG_2092.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkBPIaNHghoJ2KJq3ToG-UaQ04KToRZONxk7ltrNSJlXqMthP7IpTvdd6iZOyk9uQ6D5ZGOfaa_nDVauxiP_AZVl8GoAF_ie1KGrXZ3nnEG73gMtyrH7kG5YcewBSqB13dhcCHwj4svnsy/s640/IMG_2092.JPG" width="640" /></a></div>
<br />
Presentation of Juriaan Bremer<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVcyOTCVfCboydz5dHogQfqTm6RVRSR2R3pgMSY_P3STApUysB0Ex5Js7ZAiobJIe9EAkO_zur6MRohjkbdBGngvZCRv_EbZd8eS8zGDeRvzjpLkkGqTPOqZQF4rMZmGLQ2we_B5TgU4TL/s1600/IMG_2105.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVcyOTCVfCboydz5dHogQfqTm6RVRSR2R3pgMSY_P3STApUysB0Ex5Js7ZAiobJIe9EAkO_zur6MRohjkbdBGngvZCRv_EbZd8eS8zGDeRvzjpLkkGqTPOqZQF4rMZmGLQ2we_B5TgU4TL/s640/IMG_2105.JPG" width="640" /></a></div>
<br />
Presentation of George Nicolaou<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEiokvBpa5oWG9adG0eVq7Fs3p_T5kXtVotyQQ-ik8YeFpxp5qyn8ZiVdENvo9seq26HsEyoTK5jqPs55bhSEYcEPqREjBSXcb5mDqMCy5cMNyibulJh-SlPgRwGylF8X52w88wMx4GqnX/s1600/IMG_2109.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEiokvBpa5oWG9adG0eVq7Fs3p_T5kXtVotyQQ-ik8YeFpxp5qyn8ZiVdENvo9seq26HsEyoTK5jqPs55bhSEYcEPqREjBSXcb5mDqMCy5cMNyibulJh-SlPgRwGylF8X52w88wMx4GqnX/s640/IMG_2109.JPG" width="640" /></a></div>
<br />
Young Padawan of Athcon 2013 Capture the Flag<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirol0LPyK4kaetawZUDV2sSmzNdZ_DJLqiLA-pw5V4C1ZxfaAzVJm5R73aNpHY-p_8rGsVlMgv-13NNF1KmU0_pgZ1scZ7OPP5eg7xDo81zrKvBWhuUczNXIxuyqzO3sMqfZdJ5tOBvr-n/s1600/IMG_2112.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirol0LPyK4kaetawZUDV2sSmzNdZ_DJLqiLA-pw5V4C1ZxfaAzVJm5R73aNpHY-p_8rGsVlMgv-13NNF1KmU0_pgZ1scZ7OPP5eg7xDo81zrKvBWhuUczNXIxuyqzO3sMqfZdJ5tOBvr-n/s640/IMG_2112.JPG" width="640" /></a></div>
<br />
<br />
Thanks guys !<br />
<br />
<br />Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-89138025792043603432013-05-07T11:47:00.000+03:002013-06-12T15:34:02.926+03:00UDP Port Scanning Using SIP Proxies<div style="text-align: justify;">
Port Scanning is an important phase of network mapping. All attacks and collected information rely on this phase. It's more important when discovering VoIP networks, because of UDP and IP based trust infrastructure. We can discover network services and SIP services via UDP scan, but we can detect only accessible servers. We need more information to execute SIP Trust based attacks. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
However a simple technique helps us to discover inaccessible SIP servers. SIP Proxies redirect SIP requests to host in SIP URI. When the request contains this header "<b><span style="color: red;">sip:HOST:PORT</span></b>", SIP Proxy try to redirect request to the target HOST and its PORT. SIP Proxy returns HOST's response if there is a response, otherwise time out error generated. We can use this configuration to scan inaccessible servers such as trusted servers, 3rd party servers and private gateway services. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I developed a PoC scanning module to scan 3rd party servers via SIP Proxies. It's useful for UDP based SIP Server discovery. This module reports accessible servers, ports and SIP service software. I prepared a demo, this is a usage of scanning module to discover ports of 192.168.1.146 and 192.168.1.203. Vulnerable SIP Proxy is 192.168.1.145, we try to scan a port range of target hosts. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Viproy VoIP Penetration and Exploitation Kit - Github Page</div>
<div style="text-align: justify;">
http://github.com/fozavci/viproy-voipkit</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
</div>
Viproy VoIP Penetration and Exploitation Kit - Homepage<br />
http://www.viproy.com/voipkit<br />
<div>
<br /></div>
<br />
<br />
<span style="font-family: Trebuchet MS, sans-serif;">msf auxiliary(vsipportscan-options) > <b>show options </b></span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">Module options (auxiliary/scanner/sip/vsipportscan-options):</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;"> Name Current Setting Required Description</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> ---- --------------- -------- -----------</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> CHOST 192.168.1.100 no The local client address</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> CPORT 5091 no The local client port</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> RHOSTS 192.168.1.146 192.168.1.203 yes IP Range for UDP Port Scan</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> RPORTS 5060-5065 yes Port Range for UDP Port Scan</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> SIP_SERVER_IP 192.168.1.145 yes Vulnerable SIP Server IP</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> SIP_SERVER_PORT 5060 yes Vulnerable SIP Server Port</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"> THREADS 1 yes The number of concurrent threads</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">msf auxiliary(vsipportscan-options) > <b>set RPORTS 5058-5062</b></span><br />
<span style="font-family: Trebuchet MS, sans-serif;">RPORTS => 5058-5062</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">msf auxiliary(vsipportscan-options) ><b> set VERBOSE true</b></span><br />
<span style="font-family: Trebuchet MS, sans-serif;">VERBOSE => true</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">msf auxiliary(vsipportscan-options) ><b> run</b></span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Starting SIP Socket on 192.168.1.100:5091</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.146:5058</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.146 5058 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.146:5059</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.146 5059 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.146:5060</span><br />
<b><span style="color: red; font-family: Trebuchet MS, sans-serif;">[+] 192.168.1.146 5060 is Open</span></b><br />
<b><span style="color: red; font-family: Trebuchet MS, sans-serif;"> Server <span class="Apple-tab-span" style="white-space: pre;"> </span>: FPBX-2.11.0beta2(11.2.1)</span></b><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.146:5061</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.146 5061 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.146:5062</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.146 5062 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.203:5058</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.203 5058 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.203:5059</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.203 5059 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.203:5060</span><br />
<span style="color: red; font-family: Trebuchet MS, sans-serif;"><b>[+] 192.168.1.203 5060 is Open</b></span><br />
<span style="color: red; font-family: Trebuchet MS, sans-serif;"><b> User-Agent <span class="Apple-tab-span" style="white-space: pre;"> </span>: 3CXPhoneSystem 11.0.28976.849 (28862)</b></span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.203:5061</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.203 5061 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Sending Packet for 192.168.1.203:5062</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] 192.168.1.203 5062 is Close/Filtered</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[*] Stopping SIP Sockets...</span><br />
<span style="font-family: Trebuchet MS, sans-serif;">[*] Auxiliary module execution completed</span><br />
<div>
<br /></div>
<br />Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-66304563715109372962013-04-29T13:40:00.001+03:002013-06-12T15:34:40.068+03:00Security Audit of NGN and VoIP Systems (Turkish)<div style="text-align: justify;">
I have presented a seminar about NGN and VoIP Security Analysis at Cypsec 2013 event. This slide set includes NGN and VoIP Attacking Techniques in Basic, Using Viproy VoIP Kit for Attacks and Its Features. </div>
<br />
<br />
<iframe frameborder="0" height="500" marginheight="0" marginwidth="0" scrolling="no" src="http://www.slideshare.net/slideshow/embed_code/20184329" width="640"></iframe>Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-44039061753077613802013-04-24T15:23:00.000+03:002013-06-12T15:34:21.718+03:00SSL over IO Usage for Converting HTTPS Connect Requests on MITM Analysis<div style="text-align: justify;">
Mobile applications use SSL Connect requests to connect remote server for HTTPS Communications. Mobile Applications should be analyzed dynamically during Penetration Tests and MITM attacks are very useful in this stage. HTTPS communications should be converted via MITM Proxies such as Burp Proxy and Fiddler2. These tools useful to convert HTTPS Connect requests and intercept them. Manual request mangling and fuzzing depend on this HTTPS Connect conversion. These tools are closed source and they don't explain this feature. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<a href="https://github.org/YakindanEgitim/mbfuzzer">MBFuzzer</a> is a subproject of <a href="http://www.yakindanegitim.org/">Yakindan Egitim</a>, I'm mentor of this MBFuzzer and <a href="http://mehmetklic.blogspot.com/" target="_blank">Mehmet Kilic</a> is the developer of it. MBFuzzer is an MITM Mobile Application Fuzzing tool, HTTPS Connect conversion is one of the main requirements. We presented a way to convert HTTPS Connect requests via IO (Input/Output). It has a little CA Error bug but it works for conversion, it will be fixed later.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When MBFuzzer Proxy detects a HTTPS Connect Request (CONNECT domain:port HTTP/1.1), it connects target (domain:port) and send "HTTP/1.1 200 Connection Established" message to client socket. After this message, Client tries to initiate a HTTPS session and MBFuzzer accepts this connection as a server via sending connection to ssl_io function (ssl_connection=ssl_io(connection)).</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This Code is Responsible to Convert HTTPS Requests</div>
<div style="text-align: justify;">
</div>
<br />
<br />
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;">#creating ssl io object</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;">def ssl_io(io)</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>begin</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>sslContext = OpenSSL::SSL::SSLContext.new</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>sslContext.cert = OpenSSL::X509::Certificate.new(File.open('./certs/server.crt'))</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>sslContext.key = OpenSSL::PKey::RSA.new(File.open('./certs/server.key'))</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>sslContext.ca_file = './certs/cacert.pem'</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>sslContext.verify_mode = OpenSSL::SSL::VERIFY_NONE</span></div>
<div style="text-align: start;">
<span style="color: red; font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>sslio = OpenSSL::SSL::SSLSocket.new(io, sslContext)</span></div>
<div style="text-align: start;">
<span style="color: red; font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>sslio.sync_close = true</span></div>
<div style="text-align: start;">
<span style="color: red; font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>sslio.accept</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>rescue Exception => sslException</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>puts "SSL Exception : #{sslException}"</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>end</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;"><span class="Apple-tab-span" style="white-space: pre;"> </span>return sslio</span></div>
<div style="text-align: start;">
<span style="font-family: Trebuchet MS, sans-serif;">end</span></div>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Standard implementations of ruby SSL servers use OpenSSL::SSL::SSLServer class, unfortunately this class is not useful in this situation. It's designed to serve SSL via TCP Socket and it doesn't work without it. We used OpenSSL::SSL::SSLSocket class that designed to initiate SSL client requests. We disabled "sync" that try to make an SSL handshake and started to accept this IO as an SSL socket. After this modifications; MBFuzzer accepts HTTPS Connect requests, handles SSL IO as a server, manipulate content, sends it to remote server and redirect response to client via SSL session.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We have a few bugs of course, a tls error caused by CA issues and IO.sysread problems. You can inspect our project, use this HTTPS Proxy Library in your project or send us fixes. It's license is GPL, you can use or contribute it. We are working on bugs, on-the-fly certification generation and request mangling features. I'll keep this blog updated about MBFuzzer and Yakindan Egitim projects.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-2601968665918442152013-04-13T14:12:00.001+03:002013-06-12T15:34:32.857+03:00Viproy - VoIP Penetration and Exploitation Testing KitViproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.<br />
<div>
<br /></div>
<br />
Project Page : http://www.github.com/fozavci/viproy-voipkit<br />
Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip<br />
<br />
<br />
<b>Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video</b><br />
<br />
This is a training video for penetration testing of SIP servers.<br />
<br />
Chapters of Training Video<br />
1-Footprinting of SIP Services<br />
2-Enumerating SIP Services<br />
3-Registering SIP Service with/without Credentials<br />
4-Brute Force Attack for SIP Service<br />
5-Call Initiation with/without Spoof & Credentials<br />
6-Hacking Trust Relationships<br />
7-Intercepting SIP Client with SIP Proxy<br />
<br />
<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="480" src="http://www.youtube.com/embed/AbXh_L0-Y5A" width="640"></iframe>Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.comtag:blogger.com,1999:blog-5072818186906402349.post-27697271701021901242013-04-08T11:36:00.000+03:002013-06-12T15:35:02.303+03:00Exploit Development Using Metasploit Framework (Presentation)Me and my friend, Canberk Bolat, have presented a seminar about Exploit Development and Metasploit Framework at Free Software and Linux Days 2013 event. This slide set includes basic Exploit Development Techniques, Metasploit Framework Mixins and Its Features. Also we have demonstrated exploit development techniques with sample codes and exploit modules.<br />
<br />
<br />
<iframe frameborder="0" height="480" marginheight="0" marginwidth="0" scrolling="no" src="http://www.slideshare.net/slideshow/embed_code/18393143" width="640"></iframe>Fatih Özavcıhttp://www.blogger.com/profile/11182696680493261931noreply@blogger.com