
Nov 26, 2015

VoIP Wars: Destroying Jar Jar Lync Materials

VoIP Wars: Destroying Jar Jar Lync was presented at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. The presentation contains newly published security vulnerabilities for the Microsoft Skype for Business platform, a test methodology and a customised testing tool named Viproxy. The unfiltered edition of the presentation, Viproxy 2.0, exploits, security advisory and demonstration video are available below.
VoIP Wars: Destroying Jar Jar Lync (HITB Singapore presentation video)



VoIP Wars: Destroying Jar Jar Lync (Presentation) 

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution security advisory (including PoC exploits)
SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution demonstration

Viproxy 2.0
Detailed information about Viproy VoIP Pen-Test Kit and VoIP Wars research series.

Oct 26, 2015

VoIP Wars – Destroying Jar Jar Lync (Filtered version)


Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a. Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platforms. These services are based on VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Official clients are also available for mobile devices (e.g. Windows Phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with the .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
•    A brief introduction to Microsoft Lync ecosystem
•    Security requirements, design vulnerabilities and priorities
•    Modern threats against commercial Microsoft Lync services
•    Demonstration of new attack vectors against target test platform

Oct 27, 2014

Training: Practical VoIP Hacking with Viproy (Kiwicon'14)

We have prepared a VoIP hacking training for the Kiwicon security conference in New Zealand. The training focuses on testing VoIP signalling protocols using Viproy. We'll explain the VoIP essentials and the protocol basics for SIP and Skinny. We will also demonstrate how we can attack VoIP servers using web management interfaces, essential services and signalling services. The Viproy VoIP penetration testing kit will be used for basic and advanced attacks such as SIP trust hacking, SIP proxy bounce attack, Skinny service manipulation, CUCDM exploitation and attacking VoIP clients. If you're interested in VoIP and attending Kiwicon, come and join us in this training.

Registration:

You can sign up for this training using the form at the Kiwicon homepage.

Sep 26, 2014

VoIP Wars and the Awesome Audience

Last year was my first DEF CON presentation, “VoIP Wars: Return of the SIP.” I really enjoyed being a part of this amazing security conference. I presented some next generation VoIP attacks such as SIP trust hacking, SIP proxy bounce attacks and attacking mobile applications through the SIP protocol. I also announced my security assessment tool, the Viproy VoIP penetration testing kit, during the security conference.


Aug 16, 2014

VoIP Wars: Attack of the Cisco Phones

I shared my security research on Cisco-based hosted VoIP networks at Blackhat USA 2014 and DEF CON 22 last week. This research contains several different attack vectors, published vulnerabilities, unpatched vulnerabilities, Skinny protocol attacks, new SIP protocol attacks, VOSS IP phone XML services attacks and a new version of the Viproy VoIP penetration testing kit. I'll prepare a few detailed blog entries for them; before then, you can review the slide set and the recap of the live demos of the presentation.


VoIP Wars: Attack of the Cisco Phones (Presentation)




VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)

Mar 21, 2014

AusCERT 2014 Tutorials from Sense of Security

Sense of Security will have 2 tutorials and 3 presentations at AusCERT 2014; details are accessible at the tutorials and the presentations pages of the event.

Nathaniel Carew, Nadeem Ahmed Salim and I have prepared a penetration testing tutorial for mobile applications; the registration link is accessible from here. We're planning to explain the test procedures of the mobile pen-test, testing tools and cutting-edge techniques. We will cover the iOS and Android platforms in the tutorial, and demonstrations have been prepared for these platforms as well. They will be based on sample vulnerable applications and real applications from the application stores. The following are the headlines of the mobile pen-test tutorial.

Penetration Testing for Mobile Applications and Web Services
  • Mobile Applications 101
    • Preparing a mobile pen-test lab 
  • Auditing platform integration 
    • Compile options, Encryption, Storage, Caching, Logs
  • Reverse engineering
    • Unpacking, Deobfuscating, Permission Management
    • Source code analysis, Protection bypass, Sandbox Issues
    • Runtime manipulation, Debugging
  • Transport and communication features 
    • Certificate pinning, MITM, Fake services

Moreover, Shawn Thompson and I have prepared another tutorial as well, Next Generation Attacks and Countermeasures for VoIP. The registration link is accessible from here and the major tool of the tutorial, Viproy, is accessible from here. We're planning to demonstrate next generation VoIP attacks, starting from LAN attacks and moving to SIP, Skinny, Trust and Proxy attacks. The beta versions of the new Viproy modules will be in these demonstrations as well, such as Skinny signalling protocol attacks, CDP support, Cisco vendor support for SIP, and TCP and SSL support for SIP. We will prepare a test lab for the tutorial which includes different SIP servers, a VLAN supported switch, and Cisco SIP and Skinny services. The following are the headlines of this tutorial.

Next Generation Attacks and Countermeasures for VoIP
  • Network Infrastructure Analysis
    • WAN/LAN/VLAN analysis, Service discovery
  • IP Telephony Server Security
    • Weak configuration, Management issues
  • SIP, Skinny and RTP Analysis
    • Discovery, Authentication, Call tests, VAS
    • Enumeration, Eavesdropping, Call Spoofing
  • VoIP Clients’ Security 
  • Advanced Attacks
    • Trust hacking, Proxy hacking, DoS, Fuzzing

If you have further questions about these tutorials, feel free to contact me at fatih.ozavci at viproy.com.

Jun 12, 2013

Blackhat Arsenal USA 2013

Viproy VoIP Penetration Testing and Exploitation Kit has been accepted for Blackhat Arsenal USA 2013. It will be amazing for me; I will present it in Las Vegas, USA. The Blackhat Arsenal USA 2013 line-up has been announced and many good tools are waiting for us. You can check all the tools and authors via this Blackhat Arsenal USA page.

The line-up contains many cool tools. My favorite tools are armitage, dalvik inspector, drozer, gotbeef, hookme, smartphone pen-test framework, set and vega. They have created an author page for me, I liked it :-)

I'm working on a few modules for Viproy and I'm planning to announce them at Blackhat Arsenal USA 2013. SIP Message support, DDOS via SIP servers and MITM Fuzzing modules are coming.

Athcon 2013 - Presentation, Notes and Photos

Athcon is an annual two-day security conference in Greece. I presented "Hacking SIP Like a Boss" there and I had so much fun. It was amazing and there were really cool presentations at Athcon. I also met a few good friends such as Jurriaan Bremer (@skier_t), George Nicolaou (@george_nicolaou), Michele Orru' (@antisnatchor), Ben Williams (@insidetrust) and Max Sobell (@msobell). Great thanks to Christian Papathanasiou, Kyprianos Vasilopoulos and the Athcon team. They have created an impressive security conference in Greece.

My favorite presentations at Athcon
  • Rooting your internals: custom shellcode, BeEF and Inter-Protocol Exploitation (Michele Orru')
  • Attacking NFC Mobile Wallets: Where Trust Breaks Down (Max Sobell)
  • Automated analysis and Deobfuscation of Android Apps & Malware (Jurriaan Bremer)
  • The Icarus story (George Nicolaou)
  • Hacking Appliances: Ironic exploits in security products (Ben Williams)

Slide Set of Hacking SIP Like a Boss!


Special thanks to the Athcon team, because they let me add a few slides to my presentation about the Gezi Park Protest in Istanbul (#occupygezi). You can check them in my presentation.




Of course, pics or it didn't happen! :-)