VoIP Wars: Destroying Jar Jar Lync Materials

VoIP Wars: Destroying Jar Jar Lync has been presented at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. The presentation contains newly published security vulnerabilities for the Microsoft Skype for Business platform, a test methodology and a customised testing tool named Viproxy. The unfiltered edition of the presentation, Viproxy 2.0, exploits, security advisory and demonstration video are available below.

VoIP Wars: Destroying Jar Jar Lync (HITB Singapore presentation video)



VoIP Wars: Destroying Jar Jar Lync (Presentation) 

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution security advisory (including P0C exploits)

http://www.senseofsecurity.com.au/advisories/SOS-15-005.pdf

SOS-15-005 – Microsoft Skype for Business 2016 unauthorised script execution demonstration

Viproxy 2.0

http://viproy.com/files/viproxy-2.0.zip

Detailed information about Viproy VoIP Pen-Test Kit and VoIP Wars research series.

http://www.viproy.com 

VoIP Wars – Destroying Jar Jar Lync (Filtered version)

Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.

Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.

Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.

•    A brief introduction to Microsoft Lync ecosystem
•    Security requirements, design vulnerabilities and priorities
•    Modern threats against commercial Microsoft Lync services
•    Demonstration of new attack vectors against target test platform

Training: Practical VoIP Hacking with Viproy (Kiwicon'14)

We have prepared a VoIP hacking training for the Kiwicon security conference at New Zealand. The training focus is the testing of the VoIP signalling protocols using Viproy. We'll explain the VoIP essentials and the protocol basics for SIP and Skinny. Also it will be demonstrated that how we can attack to the VoIP servers using web management interfaces, essential services and signalling services. Viproy VoIP penetration testing kit will be in use for the basic and advanced attacks such as SIP trust hacking, SIP proxy bounce attack, Skinny service manipulation, CUCDM exploitation and attacking VoIP clients. If you're interested in about VoIP and attending to Kiwicon, come and join us in this training.

Registration:

You can sign up this training using the form at the Kiwicon homepage.

https://kiwicon.org/the-con/training/practical-voip-hacking-with-viproy

Athcon 2013 - Presentation, Notes and Photos

Athcon is annual, two-day security conference at Greece. I have presented "Hacking SIP Like a Boss" there and I had so much fun. It was amazing and there were really cool presentations at Athcon. Also I have met a few good friends such as Juriaan Breemer (@skier_t), George Nicolaou (@george_nicolaou), Michele Orru' (@antisnatchor), Ben Williams (@insidetrust) and Max Sobell (@msobell). Great thanks to  Christian Papathanasiou, Kyprianos Vasilopoulos and the Athcon team. They have created an impressive security conference at Greece.

My favorite presentations at Athcon

• Rooting your internals: custom shellcode, BeEF and Inter-Protocol Exploitation (Michele Orru')
• Attacking NFC Mobile Wallets: Where Trust Breaks Down (Max Sobell)
• Automated analysis and Deobfuscation of Android Apps & Malware (Jurriaan Bremer)
• The Icarus story (George Nicolaou)
• Hacking Appliances: Ironic exploits in security products (Ben Williams)

Slide Set of Hacking SIP Like a Boss!


Special thanks to Athcon team, because they let me add a few slides in my presentation about Gezi Park Protest in Istanbul (#occupygezi). You can check them in my presentation.

Of course, pics or it didn't happen! :-)  (continue for pics...)

Security Audit of NGN and VoIP Systems (Turkish)

I have presented a seminar about NGN and VoIP Security Analysis at Cypsec 2013 event. This slide set includes NGN and VoIP Attacking Techniques in Basic, Using Viproy VoIP Kit for Attacks and Its Features. 

Exploit Development Using Metasploit Framework (Presentation)

Me and my friend, Canberk Bolat, have presented a seminar about Exploit Development and Metasploit Framework at Free Software and Linux Days 2013 event. This slide set includes basic Exploit Development Techniques, Metasploit Framework Mixins and Its Features. Also we have demonstrated exploit development techniques with sample codes and exploit modules.