Channel: EnableSecurity

VOIPPACK for April adds Asterisk scanning, leaking phones and Troopers09

Announcing the VOIPPACK April edition, which supports IAX2 and can now scan Asterisk servers. Because the feedback for sipautohack was great, we included a similar tool for the Asterisk protocol called...

The state of Web Application Security and their Firewalls

Back from Troopers09 in Munich after presenting our (Wendel Guglielmetti Henrique from Trustwave and yours truly) research on Web Application Firewalls. Troopers was great and the organizers (Enno Rey...

Web Application Firewalls and VoIP on the intertubes

So the OWASP at Krakow (which was a great experience!) came to an end. The conference was a mixture of technical and non-technical presentations; I liked the w3af presentation and thought it was well...

WAF research media coverage and a response to Imperva

Our presentation at OWASP Europe in Krakow on Web Application Firewall shortcomings was featured on Darkreading, and Wendel was quoted in the article. Other sites and blogs (such as Heise) also...

VOIPSCANNER.com – SaaS VoIP security auditing

One thing that I’ve been working on is making it easy for organizations and consultants to check their IP PBX for security issues. Toll fraud, or theft of service (phone calls) is becoming quite a...

HAR2009: Talks of interest

After a long wait, HAR is finally with us. There’s a large number of talks and events and I thought I’d make a list of the ones that I hope to attend today: “Teh Internetz are pwned” by Scott McIntyre:...

What I’ve been working on…

Lots of links included: SEC-T in Sweden where I presented on VoIP security and the Internet .. proof that there’s lots of VoIP devices being exposed on the ‘net, and the sharks are there to profit by...

VOIPPACK update for February 2010 brings faster VoIP cracking and destruction

So it’s time to issue an update to VOIPPACK, with some new goodies! This update includes two new tools called “bypassalwaysreject” and “sipopenrelay” DoS exploits for Asterisk PBX called...

Using XSS to switch off dotDefender 4.0

AppliCure’s dotDefender version 4.0 had a security flaw in the log viewing feature of the administrative interface. We just published an advisory for this vulnerability. Here’s the interesting part:...

VOIPPACK 1.4 with added support for Cisco and Trixbox

Last week we distributed a new version of VOIPPACK with the following new tools: Cisco environment: vp_cucmjailbreak: Given an ssh username and password for CUCM’s restricted shell, this script...
