Fatih Özavcı



International Events



Past Events
  • VoIP Wars: Attack of the Cisco Phones - Defcon 22 (USA) - 8 August 2014
  • VoIP Wars: Attack of the Cisco Phones - Blackhat USA 2014 - 6 August 2014
  • VoIP Wars: Return of the SIP 2.0 - Ruxcon 2013 (Australia) - 26 October 2013
  • VoIP Wars: Return of the SIP - Defcon 21 (USA) - 2 August 2013
  • Viproy VoIP Penetration Testing Kit - Blackhat Arsenal 2013 (USA) - 1 August 2013
  • Security Birds of a Feather Session - Cluecon 2013 (USA) - 7 August 2013
  • Hacking SIP Services Like a Boss! - Athcon 2013 (Greece)

  • Videos


    DEF CON 21 - Fatih Ozavci - VoIP Wars Return of the SIP



    Tools


    Viproy Voip Pen-Test Kit

    Project Page : http://www.viproy.com

    Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.


    Mobile Application Fuzzer via SSL MITM (mbfuzzer)

    Project Page : http://yakindanegitim.org/mbfuzzer

    MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams for communicate the servers. Many mobile applications use SSL Connect method for server communication. This method should be converted to HTTPS GET/POST method for MITM attacks. MBFuzzer will provide HTTP/HTTPS Proxy functionality and Real-Time Fuzzing feature with HTTP Connect conversion support.

    Books & Papers



    Hacking Trust Relationships Between SIP Gateways

    Pen-Tester's Guide to Metasploit Framework (Turkish)

    Presentations



    VoIP Wars:Return of the SIP


    Hacking SIP Like a Boss!


    Security Audit of SIP and NGN Systems

    Exploit Development Using Metasploit Framework

    MBFuzzer : MITM Fuzzing for Mobile Applications


    Pen-Tests Using Metasploit Framework


    VoIP Pen-Tests
    Using Free Softwares


    Information Security Essentials


    Attacking Techniques
    and Free Softwares


    Privacy and Free Softwares