New Mascot and Tshirts!! and .. Kamailio World 2016 – 9 Years Of Friendly Scanning And Vicious SIP

On the presentationLast week I had the pleasure of presenting something new at Kamailio World 2016. Great community and excellent feedback!The presentation went through the following:How and why SIPVicious was originally written and publishedThose strange emails and phone calls asking for special version ;-)RIPE's 1.1.1.0/24 experiment and how it was interesting in terms of SIP securitySality pushing modified versions of SIPViciousAttackers making use of insecure Tandberg systems to install SIPViciousSVCrash - why it was published and how it workedSecurity updates from the VoIP and PBX industryRewriting SIPVicious (various fails)What happened since then and what I've been using during VoIP pentests that involve SIP2016, yet another rewrite on the wayNew features in this latest rewrite attempt and how they show some important security issuesSome parts were sped up due to the limited time that I had for my presentation, but I think the main points were delivered. If you missed the conference, you can watch the video on Youtube.T-shirts, mugs, hoodies and fluffy pillowsOh and about those t-shirts - just published the new SIPVicious mascot design, gave away some swag and they ran out within minutes. So I decided to make it available to anyone who needs to...
Read more

Time flies! A summary of updates for the past few years and Kamailio World!

I just realised that I have not updated this blog since ages even if we have done some really cool stuff with SIP during that time. Unfortunately, many of the specifics are (to a certain extent) behind non-disclosure agreements.However, here is a list of stuff that happened that has to do with SIPVicious (or not):There was a release back in 20121210, v0.2.8Like everyone else, we moved to GithubThere were a number of bug fixes that one can get by using the repository version (see the commits)And .. no rewrite has been published yet! but a new one is being worked on and it should prove pretty useful (once available).A number of new VoIP security tools have been made public, including:Bluebox-ng (unmaintained)Viproy (VoIP Penetration Testing and Exploitation Kit)vsaudit (VOIP Security Audit Framework)In other news, I'll be presenting at Kamailio World 2016 in Berlin, with the title: A look back at 9 years of friendly scanning and Vicious SIP. 
Read more