Fatih Özavcı

International Events

  • VoIP Wars: Destroying Jar Jar Lync - Blackhat Europe - 13 November 2015
  • VoIP Wars: Destroying Jar Jar Lync - Ruxcon - 25 October 2015
  • VoIP Wars: Destroying Jar Jar Lync - Hack In The Box Singapore - 15 October 2015
  • The Art of VoIP Hacking - Defcon 23 (USA) - 8 August 2015
  • Tactical VoIP Hacking with Viproy - Troopers 15 (Germany) - 17 March 2015
  • Practical VoIP Hacking with Viproy - Kiwicon 2015 (New Zealand) - 9-10 December 2014
  • VoIP Wars: Attack of the Cisco Phones - Defcon 22 (USA) - 8 August 2014
  • VoIP Wars: Attack of the Cisco Phones - Blackhat USA 2014 - 6 August 2014
  • Next Generation Attacks and Countermeasures for VoIP - AusCERT 2014 - 12 May 2014
  • Penetration Testing for Mobile Applications and Web Services - AusCERT 2014 - 13 May 2014
  • VoIP Wars: Return of the SIP 2.0 - Ruxcon 2013 (Australia) - 26 October 2013
  • VoIP Wars: Return of the SIP - Defcon 21 (USA) - 2 August 2013
  • Viproy VoIP Penetration Testing Kit - Blackhat Arsenal 2013 (USA) - 1 August 2013
  • Security Birds of a Feather Session - Cluecon 2013 (USA) - 7 August 2013
  • Hacking SIP Services Like a Boss! - Athcon 2013 (Greece)

  • Videos

    Black Hat 2014 - VoIP Wars : Attack of the Cisco Phones

    DEF CON 21 - VoIP Wars Return of the SIP


    Viproy Voip Pen-Test Kit

    Project Page : http://www.viproy.com

    Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyse modules.

    Viproxy MITM Proxy and Testing Tool

    Project Page : http://www.viproy.com

    Viproxy MITM Proxy and Testing Tools is developed using Metasploit Framework environment. It is a standalone Metasploit module which enables users to intercept the TCP/TLS traffic and to execute some attacks. Viproxy can be used to attack Microsoft Lync and Skype for Business environments as demonstrated during VoIP Wars: Destroying Jar Jar Lync presentation at Blackhat Europe 2015, GSEC Hack In The Box Singapore 2015 and Ruxcon 2015. It has online rule console to manage the attacks such as INVITE subject update, MESSAGE content update and sending invalid content for fuzzing.

    Mobile Application Fuzzer via SSL MITM (mbfuzzer)

    Project Page : http://yakindanegitim.org/mbfuzzer

    MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams for communicate the servers. Many mobile applications use SSL Connect method for server communication. This method should be converted to HTTPS GET/POST method for MITM attacks. MBFuzzer will provide HTTP/HTTPS Proxy functionality and Real-Time Fuzzing feature with HTTP Connect conversion support.

    Books & Papers

    Hacking Trust Relationships Between SIP Gateways

    Pen-Tester's Guide to Metasploit Framework (Turkish)


    VoIP Wars:Attack of the
    Cisco Phones

    VoIP Wars: Return of the SIP

    Hacking SIP Like a Boss!

    Security Audit of
    SIP and NGN Systems

    Exploit Development Using
    Metasploit Framework

    MBFuzzer: MITM Fuzzing for
    Mobile Applications

    Pen-Tests Using
    Metasploit Framework

    VoIP Pen-Tests
    Using Free Softwares

    Information Security Essentials

    Attacking Techniques
    and Free Softwares

    Privacy and Free Softwares