Fatih Özavcı



International Events


  • Practical VoIP Hacking with Viproy - Kiwicon 2015 (New Zealand) - 9-10 December 2014

  • Past Events
  • VoIP Wars: Attack of the Cisco Phones - Defcon 22 (USA) - 8 August 2014
  • VoIP Wars: Attack of the Cisco Phones - Blackhat USA 2014 - 6 August 2014
  • Next Generation Attacks and Countermeasures for VoIP - AusCERT 2014 - 12 May 2014
  • Penetration Testing for Mobile Applications and Web Services - AusCERT 2014 - 13 May 2014
  • VoIP Wars: Return of the SIP 2.0 - Ruxcon 2013 (Australia) - 26 October 2013
  • VoIP Wars: Return of the SIP - Defcon 21 (USA) - 2 August 2013
  • Viproy VoIP Penetration Testing Kit - Blackhat Arsenal 2013 (USA) - 1 August 2013
  • Security Birds of a Feather Session - Cluecon 2013 (USA) - 7 August 2013
  • Hacking SIP Services Like a Boss! - Athcon 2013 (Greece)

  • Videos


    Black Hat 2014 - VoIP Wars : Attack of the Cisco Phones

    DEF CON 21 - VoIP Wars Return of the SIP



    Tools


    Viproy Voip Pen-Test Kit

    Project Page : http://www.viproy.com

    Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.


    Mobile Application Fuzzer via SSL MITM (mbfuzzer)

    Project Page : http://yakindanegitim.org/mbfuzzer

    MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams for communicate the servers. Many mobile applications use SSL Connect method for server communication. This method should be converted to HTTPS GET/POST method for MITM attacks. MBFuzzer will provide HTTP/HTTPS Proxy functionality and Real-Time Fuzzing feature with HTTP Connect conversion support.

    Books & Papers



    Hacking Trust Relationships Between SIP Gateways

    Pen-Tester's Guide to Metasploit Framework (Turkish)

    Presentations



    VoIP Wars:Attack of the
    Cisco Phones

    VoIP Wars: Return of the SIP


    Hacking SIP Like a Boss!


    Security Audit of
    SIP and NGN Systems



    Exploit Development Using
    Metasploit Framework


    MBFuzzer: MITM Fuzzing for
    Mobile Applications


    Pen-Tests Using
    Metasploit Framework

    VoIP Pen-Tests
    Using Free Softwares


    Information Security Essentials

    Attacking Techniques
    and Free Softwares


    Privacy and Free Softwares