VoIP Wars: Destroying Jar Jar Lync Materials

VoIP Wars: Destroying Jar Jar Lync has been presented at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. The presentation contains newly published security vulnerabilities for the Microsoft Skype for Business platform, a test methodology and a customised testing tool named Viproxy. The unfiltered edition of the presentation, Viproxy 2.0, exploits, security advisory and demonstration video are available below.

VoIP Wars: Destroying Jar Jar Lync (HITB Singapore presentation video)



VoIP Wars: Destroying Jar Jar Lync (Presentation) 

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution security advisory (including P0C exploits)

http://www.senseofsecurity.com.au/advisories/SOS-15-005.pdf

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution demonstration

Viproxy 2.0

http://viproy.com/files/viproxy-2.0.zip

Detailed information about Viproy VoIP Pen-Test Kit and VoIP Wars research series.

http://www.viproy.com 

Hacking Trust Relationships Between SIP Gateways

----------------------------------a Good Introduction from Mr. Paul Henry (phenry at sans.org)-----------------

The ability to abuse trust relationships has plagued (and continues to) many aspects of network security. One of the most memorable attacks that clearly illustrated an abuse of trust relationships was back in 1995 - the Kevin Mitnick / Tsutomu Shimomura hack. Through a combination of spoofing his IP address, guessing predictable IP sequence numbers and a SYN flood attack Kevin Mitnick was able to abuse the trust relationship of Tsutomu Shimomura's network. Once he had successfully abused the trust relationship of Tsutomu Shimomura's network he was able to then maintain persistence by simply adding himself to the .rhosts file on Tsutomu Shimomura's computer. While it was 18 years ago the premiss of the attack is still just as relevant today as shown in this blog post - Trust Relationship + Reconnaissance + Predictability = HACKED ! 

----------------------------------------------------Thanks for Introduction---------------------------------------------------

NGN (Next Generation Networks) operators provide SIP services for their customers. Customers can call other operator's customers via SIP services and SIP gateways. SIP gateways use SIP Trunks for trusted call initiation and cdr/invoice management.

SIP trunk defines as an IP address or specific FROM number in many cases. Challenge-Response or certificate based authentication is slow for quick response in this type of large call counts. Because of that, SIP trunks have no password or IP based filter applied for trunk authentication. These SIP trunks use specific FROM numbers or Proxy fields to initiate a call. Besides, most of SIP trunks have Direct INVITE privilege without REGISTER.