Wednesday, April 15, 2009

Troopers09 & IAX2 support

I will be co-presenting in Munich together with Wendel on Web Application Firewall insecurities and dropping some new tools. If any readers are going to be around the area for Troopers09 next week, drop me a note. Beer is mostly welcome.

My Twitter account will probably be getting a few updates ;-)

As a sidenote.. VOIPPACK now gets IAX2 support, with 3 additional tools. Most notable is IAX2autohack which is very similar to sipautohack but for the Asterisk protocol. The video demo can be found over here.

Tuesday, April 7, 2009

SaaS VoIP Security Scanning with

Apply for a beta code now while its still hot!

What is

VOIPSCANNER.COM makes scanning your public facing IP PBX for security holes easier than ever. No need for desktop applications or any software installation, just enter the IP address of your IP PBX and you will receive a report of what attackers out there might find about your IP PBX. demo from Sandro Gauci on Vimeo.

Wednesday, April 1, 2009

VoIPScanner, SIP Digest Leak tutorial and more!

Check out the tutorial. This security flaw has been getting a bit of attention so I thought of preparing a tutorial on how to use VOIPPACK to demo it. There's the video that I posted earlier on which shows the attack in action. In the tutorial I explain how to do this step by step on a softphone and a hardphone as well.

SIP Digest Leak from Sandro Gauci on Vimeo.

Also started a new project called which is currently in private beta. If you have an internet facing IP PBX that you'd like to scan, give me a ping ;-) You might just about qualify for the private beta. Public beta will be available later this week or earlier next week.