Showing posts with label video. Show all posts

Aug 13, 2015

The Art of VoIP Hacking - DEF CON 23 Workshop Materials

The Art of VoIP Hacking workshop was given at DEF CON 23 USA last week. We discussed VoIP vulnerabilities, design issues and the current threats targeting VoIP environments. In addition, we demonstrated the major attack vectors for VoIP services, including advanced SIP attacks, exploitation of VoIP server vulnerabilities, Cisco Skinny attacks, attacking Cisco hosted VoIP services (CUCM/CUCDM), decryption of SRTP traffic and exploitation of VoIP client vulnerabilities. More than 35 attendees used the Viproy VoIP Penetration Testing Kit to attack the test environment, which has samples for each attack exercise. The following materials are provided for the DEF CON 23 workshop, but also for the VoIP community to improve unified communications security.

Sep 30, 2014

VoIP Wars: Attack of the Cisco Phones (Black Hat USA 2014 Video)

The Black Hat USA 2014 videos were published yesterday. The following video is my Black Hat USA 2014 presentation, VoIP Wars: Attack of the Cisco Phones. I have also added the presentation itself and the live demo remake video.

VoIP Wars: Attack of the Cisco Phones (Video)


VoIP Wars: Attack of the Cisco Phones (Presentation)




VoIP Wars: Attack of the Cisco Phones (Live Demo Remake)

Jun 18, 2013

Hacking SIP Like a Boss! (Athcon 2013) Live Demo Remake

I gave a presentation at Athcon 2013, Hacking SIP Like a Boss!. I showed a live demo after the basic usage videos. This video is a remake of the live demo part. You can check the basic usage of the Viproy VoIP Penetration Kit from here.

Live Demo Headlines
  1. SIP Proxy Bounce Attack
  2. Hacking SIP Trust Relationships
  3. Attacking Mobile Applications Using SIP Trust



Viproy VoIP Penetration Kit Homepage
http://viproy.com/voipkit

Blog
http://fozavci.blogspot.com

Apr 13, 2013

Viproy - VoIP Penetration and Exploitation Testing Kit

Viproy VoIP Pen-Test Kit was developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.


Project Page : http://www.github.com/fozavci/viproy-voipkit
Download : https://github.com/fozavci/viproy-voipkit/archive/master.zip


Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video

This is a training video for penetration testing of SIP servers.

Chapters of Training Video
  1. Footprinting of SIP Services
  2. Enumerating SIP Services
  3. Registering SIP Service with/without Credentials
  4. Brute Force Attack for SIP Service
  5. Call Initiation with/without Spoof & Credentials
  6. Hacking Trust Relationships
  7. Intercepting SIP Client with SIP Proxy



Apr 2, 2013

Hacking Trust Relationships of SIP Gateways (Video Demo)

I prepared an on-the-fly video demo for SIP Trust hacking. This video contains a demonstration of my technical paper, hacking trust relationships of SIP gateways. This paper and my "SIP Pen-Testing Kit for Metasploit" are available at http://gamasec.net/fozavci/index-en.html. The tool, SIP Trust Analyzer, will be available after Athcon 2013. Another shiny demo will be presented at Athcon 2013; this video means only "it's just working".



Feb 8, 2013

SIP/NGN Services Pen-Testing using SIP Pen-Testing Kit (Training Video)

SIP Pen-Testing Kit for Metasploit was developed to help with SIP pen-tests. This video was prepared for demonstration of and training on the SIP Pen-Testing Kit.

Pen-Testing Steps in the Video

  • SIP Service Discovery
    • Using OPTIONS Requests
    • Using REGISTER Requests
    • REGISTER Without Credentials
    • REGISTER With Valid Credentials
  • Call Tests
    • Direct INVITE Without Credentials
    • INVITE With Credentials
    • INVITE Spoofing With Credentials
  • DoS Tests
    • INVITE Sending to Valid Users (With/Without Credentials)
    • INVITE Sending to Numeric Range (With/Without Credentials)
  • Enumeration
    • Enumerating Users and Accounts with Numeric Range (SUBSCRIBE, REGISTER, INVITE)
    • Enumerating Users and Accounts with a Users File (SUBSCRIBE, REGISTER, INVITE)
  • Brute Force
    • Password Brute Force to a Target Account
    • Password Brute Force to a Numeric Range
    • Password Brute Force with a Users File

For Code
http://www.github.com/fozavci/gamasec-sipmodules