SIPVicious Blog

• SIPVicious OSS 0.3.0 released

  Published Tue, Mar 10, 2020

• Fuzzing PJSIP and chan_skinny, vulnerability information and advisories

  Published Tue, May 23, 2017

• New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP

  Published Tue, May 24, 2016

• Time flies! A summary of updates for the past few years and Kamailio World!

  Published Fri, May 13, 2016

• If SIPVicious gives you a ring...

  Published Mon, Dec 10, 2012

• SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

  Published Wed, Feb 22, 2012

• Asterisk forensics: the logs vs the attackers

  Published Mon, Jan 2, 2012

• VOIPPACK updated to v1.4

  Published Tue, Jan 25, 2011

• 11 million Euro loss in VoIP fraud .. and my VoIP logs

  Published Tue, Dec 14, 2010

• Distributed SIP scanning during Halloween weekend

  Published Thu, Nov 4, 2010

• AstriCon roundup and vendors adding security features

  Published Fri, Oct 29, 2010

• BruCON Training: Module 4, Attacking Unified Communications

  Published Tue, Sep 7, 2010

• BruCON Training: Module 3, Attacking the media

  Published Thu, Sep 2, 2010

• BruCON Training: Module 2, Attacking signaling protocols

  Published Wed, Sep 1, 2010

• BruCON Training: Module 1, An Introduction to ...

  Published Tue, Aug 31, 2010

• BruCON Training: A crashcourse in pentesting VOIP networks (update)

  Published Mon, Aug 30, 2010

• New beta of VIPER VAST released 2.76

  Published Wed, Jul 21, 2010

• How to crash SIPVicious - introducing svcrash.py

  Published Tue, Jun 22, 2010

• A crashcourse in pentesting VOIP networks at BruCON 2010

  Published Tue, Jun 8, 2010

• Getting root access on Cisco CallManager 7 and 8 Server, Athcon, updates in new tool tftptheft and the VoIP honeynet challenge

  Published Tue, Jun 1, 2010

• New tool in the works: TFTPTheft

  Published Fri, May 28, 2010

• SIPVicious 0.2.5 out

  Published Wed, May 19, 2010

• RTP Traffic to 1.1.1.1

  Published Wed, Feb 3, 2010

• On breaking phonecall encryption and publishing fake research

  Published Mon, Feb 1, 2010

• Getting phonecalls during the middle of the night on your Asterisk server?

  Published Thu, Dec 10, 2009

• VIPER VAST includes SIPVicious

  Published Mon, Oct 5, 2009

• VoIP security workshop at BruCON 2009

  Published Thu, Sep 17, 2009

• SEC-T in Sweden and SIPVicious update in svn

  Published Mon, Sep 7, 2009

• HARrrr - Hacking at random

  Published Thu, Aug 13, 2009

• How law enforcement sees VoIP

  Published Mon, Jul 27, 2009

• Scan your public facing PBX with VOIPSCANNER.com

  Published Fri, Jul 17, 2009

• Scanning the Intertubes for VoIP at CONFidence

  Published Sun, May 10, 2009

• Troopers09 & IAX2 support

  Published Wed, Apr 15, 2009

• SaaS VoIP Security Scanning with VOIPSCANNER.com

  Published Tue, Apr 7, 2009

• VoIPScanner, SIP Digest Leak tutorial and more!

  Published Wed, Apr 1, 2009

• How to set up a VoIP lab

  Published Tue, Mar 24, 2009

• Late March updates

  Published Tue, Mar 17, 2009

• How to identify Asterisk servers and upload MOSDEF on AsteriskNOW

  Published Wed, Feb 18, 2009

• Phone phreaks are now using call forwarding features to make free phonecalls!

  Published Wed, Jan 21, 2009

• VOIPPACK released

  Published Tue, Jan 6, 2009

• VOIP Scanning on the increase

  Published Tue, Jan 6, 2009

• Introducing EnableSecurity VoIPPack

  Published Sat, Dec 13, 2008

• Off to RSA Europe 2008

  Published Sun, Oct 26, 2008

• Analysis of a VoIP Attack

  Published Fri, Oct 24, 2008

• Upcoming changes in SIPVicious

  Published Tue, Sep 9, 2008

• Homeland Security Dept's PBX hacked?

  Published Thu, Aug 21, 2008

• Surf Jack - HTTPS will not save you

  Published Mon, Aug 11, 2008

• New SIPVicious release 0.2.4

  Published Sun, Aug 10, 2008

• Backtrack 3 out - with VoIP security tools

  Published Fri, Jun 20, 2008

• Ladies and Gentlemen please welcome..

  Published Tue, Jun 17, 2008

• SIPVicious tools roadmap

  Published Wed, Jun 11, 2008

• SIPVicious version 0.2.3 with fingerprinting and dns goodies

  Published Tue, Jun 3, 2008

• VoIP and identity fraud on the BBC

  Published Thu, May 15, 2008

• Defcon 15 videos - VoIP related talks

  Published Fri, May 2, 2008

• OSSEC v1.5 now has builtin Asterisk rules

  Published Fri, May 2, 2008

• Infosec Europe 2008

  Published Tue, Apr 22, 2008

• New instructional videos and articles

  Published Sun, Apr 20, 2008

• Storming SIP Security - now available just a click away

  Published Tue, Apr 1, 2008

• Blackhat Europe Briefings Day 2

  Published Sat, Mar 29, 2008

• Blackhat Europe Briefings Day 1

  Published Fri, Mar 28, 2008

• Blackhat Europe && Twitter

  Published Thu, Mar 27, 2008

• Blackhat Europe

  Published Sun, Mar 23, 2008

• SIPVicious tool suite on Backtrack 3 beta

  Published Fri, Mar 21, 2008

• Using OSSEC to detect attacks on an Asterisk box

  Published Sat, Mar 15, 2008

• Swatters using VoIP to spoof caller id

  Published Fri, Mar 14, 2008

• Storming SIP Security

  Published Fri, Feb 22, 2008

• Detecting SIP attacks with Snort

  Published Sun, Feb 17, 2008

• SIP, TLS and Asterisk 1.6

  Published Fri, Feb 8, 2008

• Most popular topics on SIPVicious blog

  Published Mon, Feb 4, 2008

• SIP Fingerprinting in SVN

  Published Sun, Jan 27, 2008

• Call Jacking: Phreaking the BT home hub

  Published Mon, Jan 21, 2008

• Vishing alarming rise

  Published Mon, Jan 21, 2008

• VoIP Security Vulnerabilities - a SANS GIAC paper

  Published Fri, Jan 11, 2008

• 24c3 quick roundup

  Published Mon, Dec 31, 2007

• 24c3 photos

  Published Fri, Dec 28, 2007

• Whats brewing on the SIPVicious front

  Published Wed, Dec 19, 2007

• Password policies for PBX servers

  Published Tue, Dec 11, 2007

• 24C3 coming up

  Published Sat, Dec 1, 2007

• introduction to svcrack

  Published Thu, Nov 29, 2007

• SIPtap and tapping phone calls

  Published Sat, Nov 24, 2007

• its the end of the world as we know it

  Published Wed, Nov 21, 2007

• introduction to svmap

  Published Tue, Nov 20, 2007

• SIPVicious version 0.2.1 released

  Published Wed, Nov 7, 2007

• re-INVITE and authentication

  Published Mon, Nov 5, 2007

• SIPVicious 0.2.1 public beta

  Published Sat, Nov 3, 2007

• More on INVITEing phones to ring

  Published Tue, Oct 30, 2007

• how (not) to get your ex back

  Published Tue, Oct 30, 2007

• Server impersonation and SIP

  Published Sun, Oct 28, 2007

• How to get the job done - a short story

  Published Tue, Oct 23, 2007

• tshirts and mugs!

  Published Sat, Oct 20, 2007

• Wiki updates

  Published Thu, Oct 18, 2007

• Bluebox podcast mentions SIPVicious

  Published Sat, Oct 13, 2007

• XSS in Linksys SPA941

  Published Fri, Oct 12, 2007

• On reporting bugs and recent bug fixes

  Published Thu, Oct 11, 2007

• SIPVicious 0.2 released

  Published Mon, Oct 8, 2007

• Ladies and Gentlemen, please welcome

  Published Sat, Oct 6, 2007

• SIPVicious tools 0.1.9 .. aka 0.2 beta

  Published Wed, Oct 3, 2007

• A SIP Introduction

  Published Thu, Sep 27, 2007

• Another interview with Robert Moore

  Published Wed, Sep 26, 2007

• MediaDefender Phone Call was over VoIP

  Published Tue, Sep 18, 2007

• Microsoft VoIP As You Are

  Published Tue, Sep 18, 2007

• SIPVicious tools in the works

  Published Tue, Sep 11, 2007

• SIP Security with Cullen Jennings of IETF and Cisco

  Published Sat, Sep 8, 2007

• Security Analysis of Voice-over-IP Protocols

  Published Fri, Sep 7, 2007

• VoIP security related blogs

  Published Thu, Aug 30, 2007

• How to turn a Grandstream SIP phone into a remote bug

  Published Fri, Aug 24, 2007

• Updates to SIPVicious tools

  Published Fri, Aug 24, 2007

• Cisco IP Phone 7940 exploits

  Published Wed, Aug 22, 2007

• SIP softphone buffer overflow demo

  Published Wed, Aug 8, 2007

• Interview with a VoIP hacker

  Published Fri, Aug 3, 2007

• SIPVicious tools for auditing SIP devices

  Published Sun, Jul 29, 2007

• SIPVicious launched

  Published Sun, Jul 29, 2007

• About the SIPVicious blog

  Published Fri, May 10, 1957