SlideShare a Scribd company logo

VoIP Wars: Destroying Jar Jar Lync (Filtered version)

Fatih Ozavci
Fatih Ozavci

Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues. Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection. Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment. • A brief introduction to Microsoft Lync ecosystem • Security requirements, design vulnerabilities and priorities • Modern threats against commercial Microsoft Lync services • Demonstration of new attack vectors against target test platform

1 of 42
Download to read offline
Compliance, Protection & Business Confidence  Sense of Security Pty Ltd Sydney Level 8, 66 King Street Sydney NSW 2000 Australia Melbourne Level 15, 401 Docklands Drv Docklands VIC 3008 Australia T: 1300 922 923 T: +61 (0) 2 9290 4444 F: +61 (0) 2 9290 4455 info@senseofsecurity.com.au www.senseofsecurity.com.au ABN: 14 098 237 908 1 VoIP Wars: Destroying Jar Jar Lync 25 October 2015 Fatih Ozavci
Speaker Fatih Ozavci, Principal Security Consultant • VoIP & phreaking • Mobile applications and devices • Network infrastructure • CPE, hardware and IoT hacking • Author of Viproy, Viproxy and VoIP Wars research series • Public speaker and trainer Blackhat USA, Defcon, HITB, AusCert, Troopers, Ruxcon 2
3 Previously on VoIP Wars
4 Current research status • This is only the first stage of the research • Analysing the security requirements of various designs • Developing a tool to • assess communication and voice policies in use • drive official client to attack other clients and servers • debug communication for further attacks • Watch this space • Viproy with Skype for Business authentication support • Potential vulnerabilities to be released
5 Agenda 1. Modern threats targeting UC on Skype for Business 2. Security requirements for various implementations 3. Security testing using Viproxy 4. Demonstration of vulnerabilities identified • CVE-2015-6061, CVE-2015-6062, CVE-2015-6063
6 Security requirements for UC Corporate Communication Commercial Services VLAN Hopping CDP/DTP Attacks Device Tampering MITM Skinny Encryption Authentication DHCP Snooping SIP Physical Security Trust Relationships DDoS Call Spoofing File/Screen Sharing Messaging Toll Fraud Mobile/Desktop Clients Voicemail Botnets Proxy Hosted & Distributed Networks Call Centre Hosted VoIP SSO Federation WebRTC Management Sandbox Encryption Isolation Mobile/Desktop Clients Competitors
7 Modern threats targeting UC
8 Skype for Business M icrosoftLive Com m unications 2005 M icrosoftOffice Com m unicator 2007 M icrosoftLync 2000 -2013 M icrosoftSkype for Business2015
9 UC on Skype for Business • Active Directory, DNS (SRV, NAPTR/Enum) and SSO • Extensions to the traditional protocols • SIP/SIPE, XMPP, OWA/Exchange • PSTN mapping to users • Device support for IP phones and teleconference systems • Mobile services • Not only for corporate communication • Call centres, hosted Lync/Skype services • Office 365 online services, federated services
10 VoIP basics 1- REGISTER 1- 200 OK 2- INVITE 3- INVITE 2- 100 Trying 3- 200 OK 4- ACK RTP Proxy SRTP (AES) Client A Client B SRTP (AES) 4- 200 OK RTP Proxy SRTP (AES) Skype for Business 2015
11 Corporate communication Windows 2012 R2 Domain Controller Windows 2012 R2 Exchange & OWA Skype for Business 2015 Mobile Devices Laptops Phones & Teleconference Systems Services: • Voice and video calls • Instant messaging • Presentation and collaboration • File and desktop sharing • Public and private meetings PSTN Gateway SIP Trunk SIP/TLS ?
12 Federated communication Services: • Federation connections (DNS, Enum, SIP proxies) • Skype for Business external authentication • Connecting the users without individual setup • Public meetings, calls and instant messaging DNS Server Skype for Business 2015 ABC Enterprise Federation communication SIP/TLS ? Mobile ABC Laptop ABC Skype for Business 2015 Edge Server ABC Enterprise Skype for Business 2015 XYZ Enterprise DNS & Enum Services Mobile XYZ
13 Supported client features https://technet.microsoft.com/en-au/library/dn933896.aspx
14 Supported client features https://technet.microsoft.com/en-au/library/dn933896.aspx Give control? Give control?
15 Security of Skype for Business • SIP over TLS is enforced for clients by default • SRTP using AES is enforced for clients by default • SIP replay attack protections are used on servers • Responses have a signature of the critical SIP headers • Content itself and custom headers are not in scope • Clients validate the server response signatures • SIP trunks (PSTN gateway) security • TLS enabled and IP restricted • No authentication support
16 Research and vulnerabilities related • Defcon 20 – The end of the PSTN as you know it • Jason Ostrom, William Borskey, Karl Feinauer • Federation fundamentals, Enumerator, Lyncspoof • Remote command execution through vulnerabilities on the font and graphics libraries (MS15-080, MS15-044) • Targeting Microsoft Lync users with malwared Microsoft Office files • Denial of service and XSS vulnerabilities (MS14-055)
17 Security testing • 3 ways to conduct security testing • Compliance and configuration analysis • MITM analysis (Viproxy 2.0) • Using a custom security tester (Viproy 4.0 is coming soon) • Areas to focus on • Identifying design, authentication and authorisation issues • Unlocking client restrictions to bypass policies • Identifying client and server vulnerabilities • Testing business logic issues, dial plans and user rights
18 Discovering Skype for Business • Autodiscovery features • Autodiscovery web services • Subdomains and DNS records (SRV, NAPTR) • Web services • Authentication, Webtickets and TLS web services • Meeting invitations and components • Skype for Business web application • Active Directory integration • Information gathering via server errors
19 Corporate communication policy • Design of the communication infrastructure • Phone numbers, SIP URIs, domains, federations, gateways • Client type, version and feature enforcements • Meeting codes, security, user rights to create meetings • Open components such as Skype for Business web app • Feature restrictions on clients • File, content and desktop sharing restrictions • User rights (admin vs user) • Encryption design for signalling and media
20 Corporate communication policy The default/custom policies should be assigned to users and groups
21 Corporate communication policy • Meeting rights to be assigned by users • Policies assigned are in use
22 SRTP AES implementation • SRTP using AES is enforced for clients (No ZRTP) • SIP/TLS is enforced for clients • SIP/TLS is optional for SIP trunks and PSTN gateways • Compatibility challenges vs Default configuration • SIP/TCP gateways may leak the SRTP encryption keys a=ice-ufrag:x30M a=ice-pwd:oW7iYHXiAOr19UH05baO7bMJ a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:Gu +c81XctWoAHro7cJ9uN6WqW7QPJndjXfZsofl8|2^31|1:1
23 MITM analysis using Viproxy • Challenges • SIP/TLS is enabled by default • Microsoft Lync clients validate the TLS cert • Compression is enabled, not easy to read • Viproxy 2.0 • A standalone Metasploit module • Supports TCP/TLS interception with TLS certs • Disables compression • Modifies the actions of an official client • Provides a command console for real-time attacks
• Debugging the protocol and collecting samples • Basic find & replace with fuzzing support • Unlocking restricted client features • Bypassing communication policies in use • Injecting malicious content 24 Viproxy test setup Windows 10 Skype for Business Clients Viproxy 2.0 MS Lync for Mac 2011 Client to be used for attacks Windows 2012 R2 Skype for Business 2015 Server
25 Analysing the corporate policy • Instant Messaging (IM) restrictions • File type filters for the file transfers • URL filters for the messaging • Set-CsClientPolicy (DisableEmoticons, DisableHtmlIm, DisableRTFIm) • Call forwarding rights • Meeting rights • Federated attendees • Public attendees • Clients’ default meeting settings • Insecure client versions allowed
26 Attack surfaces on IM and calls • Various content types (HTML, JavaScript, PPTs) • File, desktop and presentation sharing • Limited filtering options (IIMFilter) • File Filter (e.g. exe, xls, ppt, psh) • URL Filter (e.g. WWW, HTTP, call, SIP) • Set-CsClientPolicy (DisableHtmlIm, DisableRTFIm) • Clients process the content before invitation • Presence and update messages • Call and IM invitation requests • Mass compromise via meetings and multiple endpoints
27 Parsing errors and exceptions to be shared later
28 Bypassing URL filter in IM to be shared later
29 URL filter bypass Windows 10 Skype for Business Clients Viproxy 2.0 MS Lync for Mac 2011 Client to be used for attacks Windows 2012 R2 Skype for Business 2015 Server Reverse browser visiting
30 Sending INVITEs w/ HTML/XSS to be shared later
31 Fake Skype update via INVITE
32 Multi endpoint communication • Meeting requests • Private meetings, Open meetings, Web sessions • Multi callee invitations and messages • Attacks do not need actions from the attendees/callees • Injecting endpoints to the requests • XML conference definitions in the INVITE requests • INVITE headers • Endpoint headers • 3rd party SIP trunk, PSTN gateway or federation
33 Sending messages w/ HTML/XSS to be shared later
34 Mass compromise of clients Windows 10 Skype for Business Clients Viproy 4.0 Windows 2012 R2 Skype for Business 2015 Server BEEF Framework Waiting for the XSS hooks Reverse browser hooks CentOS Linux Freeswitch SIP Trunk PSTN Gateway
35 Mass compromise of clients
36 Second stage of the research Analysis of • mobile clients and SFB web app • SFB meeting security and public access • federation security and trust analysis • Further analysis of the crashes and parsing errors identified for exploitation • Social engineering templates for Viproxy and Viproy • Viproy 4.0 with Skype for Business authentication, fuzzing and discovery support
37 Securing Unified Communications Secure design is always the foundation • Physical security of endpoints (e.g. IP phones, teleconference rooms) should be improved • Networks should be segmented based on their trust level • Authentication and encryption should be enabled • Protocol vulnerabilities can be fixed with secure design • Disable unnecessary IM, call and meeting features • Software updates should be reviewed and installed
38 Previously on VoIP Wars VoIP Wars I: Return of the SIP (Defcon, Cluecon, Ruxcon, Athcon) •Modern VoIP attacks via SIP services explained •SIP trust hacking, SIP proxy bounce attack and attacking mobile VoIP clients demonstrated •https://youtu.be/d6cGlTB6qKw VoIP Wars II : Attack of the Cisco phones (Defcon, Blackhat USA) •30+ Cisco HCS vulnerabilities including 0days •Viproy 2.0 with CUCDM exploits, CDP and Skinny support •Hosted VoIP security risks and existing threats discussed •https://youtu.be/hqL25srtoEY The Art of VoIP Hacking Workshop (Defcon, Troopers, AusCERT, Kiwicon) •Live exploitation exercises for several VoIP vulnerabilities •3 0day exploits for Vi-vo and Boghe VoIP clients •New Viproy 3.7 modules and improved features •https://www.linkedin.com/pulse/art-voip-hacking-workshop-materials-fatih-ozavci
39 References Viproy VoIP Penetration and Exploitation Kit Author : http://viproy.com/fozavci Homepage : http://viproy.com Github : http://www.github.com/fozavci/viproy-voipkit VoIP Wars : Attack of the Cisco Phones https://youtu.be/hqL25srtoEY VoIP Wars : Return of the SIP https://youtu.be/d6cGlTB6qKw
40 https://www.senseofsecurity.com.au/aboutus/careers
41 Questions
42 Thank you Head office is level 8, 66 King Street, Sydney, NSW 2000, Australia. Owner of trademark and all copyright is Sense of Security Pty Ltd. Neither text or images can be reproduced without written permission. T: 1300 922 923 T: +61 (0) 2 9290 4444 F: +61 (0) 2 9290 4455 info@senseofsecurity.com.au www.senseofsecurity.com.au

Recommended

VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
Fatih Ozavci
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
Fatih Ozavci
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
Fatih Ozavci
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
Fatih Ozavci
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacks
n|u - The Open Security Community
 

Recommended

VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
Fatih Ozavci
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
Fatih Ozavci
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
Fatih Ozavci
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
Fatih Ozavci
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacks
n|u - The Open Security Community
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
Fatih Ozavci
 
MBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsMBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsFatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
DEFCON 23 - Fatih Ozavci - the art of voip workshop
DEFCON 23 - Fatih Ozavci - the art of voip workshopDEFCON 23 - Fatih Ozavci - the art of voip workshop
DEFCON 23 - Fatih Ozavci - the art of voip workshop
Felipe Prado
 
FreeSBC - Getting Started
FreeSBC - Getting StartedFreeSBC - Getting Started
FreeSBC - Getting Started
Alan Percy
 
Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Will STIR/SHAKEN Solve the Illegal Robocall Problem?Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Alan Percy
 
Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)
SI3D systems
 
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
Askozia
 
Netstyle VoIP Solutions
Netstyle VoIP SolutionsNetstyle VoIP Solutions
Netstyle VoIP Solutions
Michael Bochkaryov
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
Nick Straughan
 
Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiIct encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiPrivateWave Italia SpA
 
Fortigate class1
Fortigate class1Fortigate class1
Fortigate class1
RanjithKumar428
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
Julian Ernesto Martinez Oliva
 
Solo Small Business Gateway
Solo Small Business GatewaySolo Small Business Gateway
Solo Small Business GatewaySOLO Gateway
 
Squire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 SoftswitchSquire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 Softswitch
Squire Technologies
 
Forti cloud
Forti cloudForti cloud
Forti cloud
Lan & Wan Solutions
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
Haris Khan
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Deploying lync evaluating costs and complexities
Deploying lync evaluating costs and complexitiesDeploying lync evaluating costs and complexities
Deploying lync evaluating costs and complexities
Fabrizio Volpe
 
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...Nordic Infrastructure Conference
 

More Related Content

What's hot

VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
Fatih Ozavci
 
MBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsMBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsFatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
DEFCON 23 - Fatih Ozavci - the art of voip workshop
DEFCON 23 - Fatih Ozavci - the art of voip workshopDEFCON 23 - Fatih Ozavci - the art of voip workshop
DEFCON 23 - Fatih Ozavci - the art of voip workshop
Felipe Prado
 
FreeSBC - Getting Started
FreeSBC - Getting StartedFreeSBC - Getting Started
FreeSBC - Getting Started
Alan Percy
 
Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Will STIR/SHAKEN Solve the Illegal Robocall Problem?Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Alan Percy
 
Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)
SI3D systems
 
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
Askozia
 
Netstyle VoIP Solutions
Netstyle VoIP SolutionsNetstyle VoIP Solutions
Netstyle VoIP Solutions
Michael Bochkaryov
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
Nick Straughan
 
Fortigate class1
Fortigate class1Fortigate class1
Fortigate class1
RanjithKumar428
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
Julian Ernesto Martinez Oliva
 
Solo Small Business Gateway
Solo Small Business GatewaySolo Small Business Gateway
Solo Small Business GatewaySOLO Gateway
 
Squire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 SoftswitchSquire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 Softswitch
Squire Technologies
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
Haris Khan
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 

What's hot (20)

VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 
MBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile ApplicationsMBFuzzer : MITM Fuzzing for Mobile Applications
MBFuzzer : MITM Fuzzing for Mobile Applications
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
DEFCON 23 - Fatih Ozavci - the art of voip workshop
DEFCON 23 - Fatih Ozavci - the art of voip workshopDEFCON 23 - Fatih Ozavci - the art of voip workshop
DEFCON 23 - Fatih Ozavci - the art of voip workshop
 
FreeSBC - Getting Started
FreeSBC - Getting StartedFreeSBC - Getting Started
FreeSBC - Getting Started
 
Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Will STIR/SHAKEN Solve the Illegal Robocall Problem?Will STIR/SHAKEN Solve the Illegal Robocall Problem?
Will STIR/SHAKEN Solve the Illegal Robocall Problem?
 
Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)Product Overview: April 2015 (Si3D)
Product Overview: April 2015 (Si3D)
 
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
 
Netstyle VoIP Solutions
Netstyle VoIP SolutionsNetstyle VoIP Solutions
Netstyle VoIP Solutions
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
 
Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiIct encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosanti
 
Fortigate class1
Fortigate class1Fortigate class1
Fortigate class1
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
 
Solo Small Business Gateway
Solo Small Business GatewaySolo Small Business Gateway
Solo Small Business Gateway
 
Squire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 SoftswitchSquire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 Softswitch
 
Forti cloud
Forti cloudForti cloud
Forti cloud
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
 
Fortinet
FortinetFortinet
Fortinet
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 

Similar to VoIP Wars: Destroying Jar Jar Lync (Filtered version)

Deploying lync evaluating costs and complexities
Deploying lync evaluating costs and complexitiesDeploying lync evaluating costs and complexities
Deploying lync evaluating costs and complexities
Fabrizio Volpe
 
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...Nordic Infrastructure Conference
 
Offre revendeurs UC
Offre revendeurs UCOffre revendeurs UC
Offre revendeurs UCRachid ZINE
 
O365Engage17 - Skype for Business Cloud PBX in the Real World
O365Engage17 - Skype for Business Cloud PBX in the Real WorldO365Engage17 - Skype for Business Cloud PBX in the Real World
O365Engage17 - Skype for Business Cloud PBX in the Real World
NCCOMMS
 
Justin Morris - Understanding how lync server 2013 leverages the complete mic...
Justin Morris - Understanding how lync server 2013 leverages the complete mic...Justin Morris - Understanding how lync server 2013 leverages the complete mic...
Justin Morris - Understanding how lync server 2013 leverages the complete mic...Nordic Infrastructure Conference
 
O365con14 - lync to the future
O365con14 - lync to the futureO365con14 - lync to the future
O365con14 - lync to the future
NCCOMMS
 
Microsoft Unified Communications Summit
Microsoft Unified Communications SummitMicrosoft Unified Communications Summit
Microsoft Unified Communications Summit
Concurrency, Inc.
 
Lync online: How the cloud is changing the way we communicate
Lync online: How the cloud is changing the way we communicateLync online: How the cloud is changing the way we communicate
Lync online: How the cloud is changing the way we communicate
Perficient, Inc.
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
EPC Group
 
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...
Graham Walsh
 
Skype for business understanding what is new, preview or unchanged
Skype for business understanding what is new, preview or unchangedSkype for business understanding what is new, preview or unchanged
Skype for business understanding what is new, preview or unchanged
Fabrizio Volpe
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBC
TelcoBridges Inc.
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBC
Alan Percy
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 Presentation
Justin Richer
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
IMTC
 
Microsoft Lync Oct 2010 Discovery Series
Microsoft Lync Oct 2010 Discovery SeriesMicrosoft Lync Oct 2010 Discovery Series
Microsoft Lync Oct 2010 Discovery Seriesdouglarl
 
Steven gray resume word current
Steven gray resume word currentSteven gray resume word current
Steven gray resume word current
Steven Gray
 
Cloud PBX with Office 365 Webinar Slides
Cloud PBX with Office 365 Webinar SlidesCloud PBX with Office 365 Webinar Slides
Cloud PBX with Office 365 Webinar Slides
Arrow Systems Integration
 
Expocomm VoIP Presentation
Expocomm VoIP PresentationExpocomm VoIP Presentation
Expocomm VoIP Presentation
diego gosmar
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
Roland Driesen
 

Similar to VoIP Wars: Destroying Jar Jar Lync (Filtered version) (20)

Deploying lync evaluating costs and complexities
Deploying lync evaluating costs and complexitiesDeploying lync evaluating costs and complexities
Deploying lync evaluating costs and complexities
 
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
Justin Morris - Enhancing your lync 2013 rollout to make it a killer success ...
 
Offre revendeurs UC
Offre revendeurs UCOffre revendeurs UC
Offre revendeurs UC
 
O365Engage17 - Skype for Business Cloud PBX in the Real World
O365Engage17 - Skype for Business Cloud PBX in the Real WorldO365Engage17 - Skype for Business Cloud PBX in the Real World
O365Engage17 - Skype for Business Cloud PBX in the Real World
 
Justin Morris - Understanding how lync server 2013 leverages the complete mic...
Justin Morris - Understanding how lync server 2013 leverages the complete mic...Justin Morris - Understanding how lync server 2013 leverages the complete mic...
Justin Morris - Understanding how lync server 2013 leverages the complete mic...
 
O365con14 - lync to the future
O365con14 - lync to the futureO365con14 - lync to the future
O365con14 - lync to the future
 
Microsoft Unified Communications Summit
Microsoft Unified Communications SummitMicrosoft Unified Communications Summit
Microsoft Unified Communications Summit
 
Lync online: How the cloud is changing the way we communicate
Lync online: How the cloud is changing the way we communicateLync online: How the cloud is changing the way we communicate
Lync online: How the cloud is changing the way we communicate
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
 
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...
 
Skype for business understanding what is new, preview or unchanged
Skype for business understanding what is new, preview or unchangedSkype for business understanding what is new, preview or unchanged
Skype for business understanding what is new, preview or unchanged
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBC
 
FreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBCFreeSBC - A New Approach to the SBC
FreeSBC - A New Approach to the SBC
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 Presentation
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
 
Microsoft Lync Oct 2010 Discovery Series
Microsoft Lync Oct 2010 Discovery SeriesMicrosoft Lync Oct 2010 Discovery Series
Microsoft Lync Oct 2010 Discovery Series
 
Steven gray resume word current
Steven gray resume word currentSteven gray resume word current
Steven gray resume word current
 
Cloud PBX with Office 365 Webinar Slides
Cloud PBX with Office 365 Webinar SlidesCloud PBX with Office 365 Webinar Slides
Cloud PBX with Office 365 Webinar Slides
 
Expocomm VoIP Presentation
Expocomm VoIP PresentationExpocomm VoIP Presentation
Expocomm VoIP Presentation
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 

More from Fatih Ozavci

Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik Denetimi
Fatih Ozavci
 
Mahremiyetinizi Koruyun
Mahremiyetinizi KoruyunMahremiyetinizi Koruyun
Mahremiyetinizi Koruyun
Fatih Ozavci
 
NGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik DenetimiNGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik DenetimiFatih Ozavci
 
Metasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit GelistirmeMetasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit GelistirmeFatih Ozavci
 
Metasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim RehberiMetasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim RehberiFatih Ozavci
 
Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar Fatih Ozavci
 
Mahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur YazilimlarMahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur YazilimlarFatih Ozavci
 
Ozgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri YontemleriOzgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri YontemleriFatih Ozavci
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiFatih Ozavci
 
Metasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik DenetimiMetasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik DenetimiFatih Ozavci
 

More from Fatih Ozavci (10)

Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik Denetimi
 
Mahremiyetinizi Koruyun
Mahremiyetinizi KoruyunMahremiyetinizi Koruyun
Mahremiyetinizi Koruyun
 
NGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik DenetimiNGN ve VoIP Ağları Güvenlik Denetimi
NGN ve VoIP Ağları Güvenlik Denetimi
 
Metasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit GelistirmeMetasploit Framework ile Exploit Gelistirme
Metasploit Framework ile Exploit Gelistirme
 
Metasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim RehberiMetasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
Metasploit Framework - Giris Seviyesi Guvenlik Denetim Rehberi
 
Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar Bilgi Guvenligi Temel Kavramlar
Bilgi Guvenligi Temel Kavramlar
 
Mahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur YazilimlarMahremiyet Ekseninde Ozgur Yazilimlar
Mahremiyet Ekseninde Ozgur Yazilimlar
 
Ozgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri YontemleriOzgur Yazilimlar ile Saldiri Yontemleri
Ozgur Yazilimlar ile Saldiri Yontemleri
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
 
Metasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik DenetimiMetasploit Framework ile Güvenlik Denetimi
Metasploit Framework ile Güvenlik Denetimi
 

Recently uploaded

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

VoIP Wars: Destroying Jar Jar Lync (Filtered version)

  • 1. Compliance, Protection & Business Confidence  Sense of Security Pty Ltd Sydney Level 8, 66 King Street Sydney NSW 2000 Australia Melbourne Level 15, 401 Docklands Drv Docklands VIC 3008 Australia T: 1300 922 923 T: +61 (0) 2 9290 4444 F: +61 (0) 2 9290 4455 info@senseofsecurity.com.au www.senseofsecurity.com.au ABN: 14 098 237 908 1 VoIP Wars: Destroying Jar Jar Lync 25 October 2015 Fatih Ozavci
  • 2. Speaker Fatih Ozavci, Principal Security Consultant • VoIP & phreaking • Mobile applications and devices • Network infrastructure • CPE, hardware and IoT hacking • Author of Viproy, Viproxy and VoIP Wars research series • Public speaker and trainer Blackhat USA, Defcon, HITB, AusCert, Troopers, Ruxcon 2
  • 4. 4 Current research status • This is only the first stage of the research • Analysing the security requirements of various designs • Developing a tool to • assess communication and voice policies in use • drive official client to attack other clients and servers • debug communication for further attacks • Watch this space • Viproy with Skype for Business authentication support • Potential vulnerabilities to be released
  • 5. 5 Agenda 1. Modern threats targeting UC on Skype for Business 2. Security requirements for various implementations 3. Security testing using Viproxy 4. Demonstration of vulnerabilities identified • CVE-2015-6061, CVE-2015-6062, CVE-2015-6063
  • 6. 6 Security requirements for UC Corporate Communication Commercial Services VLAN Hopping CDP/DTP Attacks Device Tampering MITM Skinny Encryption Authentication DHCP Snooping SIP Physical Security Trust Relationships DDoS Call Spoofing File/Screen Sharing Messaging Toll Fraud Mobile/Desktop Clients Voicemail Botnets Proxy Hosted & Distributed Networks Call Centre Hosted VoIP SSO Federation WebRTC Management Sandbox Encryption Isolation Mobile/Desktop Clients Competitors
  • 9. 9 UC on Skype for Business • Active Directory, DNS (SRV, NAPTR/Enum) and SSO • Extensions to the traditional protocols • SIP/SIPE, XMPP, OWA/Exchange • PSTN mapping to users • Device support for IP phones and teleconference systems • Mobile services • Not only for corporate communication • Call centres, hosted Lync/Skype services • Office 365 online services, federated services
  • 10. 10 VoIP basics 1- REGISTER 1- 200 OK 2- INVITE 3- INVITE 2- 100 Trying 3- 200 OK 4- ACK RTP Proxy SRTP (AES) Client A Client B SRTP (AES) 4- 200 OK RTP Proxy SRTP (AES) Skype for Business 2015
  • 11. 11 Corporate communication Windows 2012 R2 Domain Controller Windows 2012 R2 Exchange & OWA Skype for Business 2015 Mobile Devices Laptops Phones & Teleconference Systems Services: • Voice and video calls • Instant messaging • Presentation and collaboration • File and desktop sharing • Public and private meetings PSTN Gateway SIP Trunk SIP/TLS ?
  • 12. 12 Federated communication Services: • Federation connections (DNS, Enum, SIP proxies) • Skype for Business external authentication • Connecting the users without individual setup • Public meetings, calls and instant messaging DNS Server Skype for Business 2015 ABC Enterprise Federation communication SIP/TLS ? Mobile ABC Laptop ABC Skype for Business 2015 Edge Server ABC Enterprise Skype for Business 2015 XYZ Enterprise DNS & Enum Services Mobile XYZ
  • 15. 15 Security of Skype for Business • SIP over TLS is enforced for clients by default • SRTP using AES is enforced for clients by default • SIP replay attack protections are used on servers • Responses have a signature of the critical SIP headers • Content itself and custom headers are not in scope • Clients validate the server response signatures • SIP trunks (PSTN gateway) security • TLS enabled and IP restricted • No authentication support
  • 16. 16 Research and vulnerabilities related • Defcon 20 – The end of the PSTN as you know it • Jason Ostrom, William Borskey, Karl Feinauer • Federation fundamentals, Enumerator, Lyncspoof • Remote command execution through vulnerabilities on the font and graphics libraries (MS15-080, MS15-044) • Targeting Microsoft Lync users with malwared Microsoft Office files • Denial of service and XSS vulnerabilities (MS14-055)
  • 17. 17 Security testing • 3 ways to conduct security testing • Compliance and configuration analysis • MITM analysis (Viproxy 2.0) • Using a custom security tester (Viproy 4.0 is coming soon) • Areas to focus on • Identifying design, authentication and authorisation issues • Unlocking client restrictions to bypass policies • Identifying client and server vulnerabilities • Testing business logic issues, dial plans and user rights
  • 18. 18 Discovering Skype for Business • Autodiscovery features • Autodiscovery web services • Subdomains and DNS records (SRV, NAPTR) • Web services • Authentication, Webtickets and TLS web services • Meeting invitations and components • Skype for Business web application • Active Directory integration • Information gathering via server errors
  • 19. 19 Corporate communication policy • Design of the communication infrastructure • Phone numbers, SIP URIs, domains, federations, gateways • Client type, version and feature enforcements • Meeting codes, security, user rights to create meetings • Open components such as Skype for Business web app • Feature restrictions on clients • File, content and desktop sharing restrictions • User rights (admin vs user) • Encryption design for signalling and media
  • 20. 20 Corporate communication policy The default/custom policies should be assigned to users and groups
  • 21. 21 Corporate communication policy • Meeting rights to be assigned by users • Policies assigned are in use
  • 22. 22 SRTP AES implementation • SRTP using AES is enforced for clients (No ZRTP) • SIP/TLS is enforced for clients • SIP/TLS is optional for SIP trunks and PSTN gateways • Compatibility challenges vs Default configuration • SIP/TCP gateways may leak the SRTP encryption keys a=ice-ufrag:x30M a=ice-pwd:oW7iYHXiAOr19UH05baO7bMJ a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:Gu +c81XctWoAHro7cJ9uN6WqW7QPJndjXfZsofl8|2^31|1:1
  • 23. 23 MITM analysis using Viproxy • Challenges • SIP/TLS is enabled by default • Microsoft Lync clients validate the TLS cert • Compression is enabled, not easy to read • Viproxy 2.0 • A standalone Metasploit module • Supports TCP/TLS interception with TLS certs • Disables compression • Modifies the actions of an official client • Provides a command console for real-time attacks
  • 24. • Debugging the protocol and collecting samples • Basic find & replace with fuzzing support • Unlocking restricted client features • Bypassing communication policies in use • Injecting malicious content 24 Viproxy test setup Windows 10 Skype for Business Clients Viproxy 2.0 MS Lync for Mac 2011 Client to be used for attacks Windows 2012 R2 Skype for Business 2015 Server
  • 25. 25 Analysing the corporate policy • Instant Messaging (IM) restrictions • File type filters for the file transfers • URL filters for the messaging • Set-CsClientPolicy (DisableEmoticons, DisableHtmlIm, DisableRTFIm) • Call forwarding rights • Meeting rights • Federated attendees • Public attendees • Clients’ default meeting settings • Insecure client versions allowed
  • 26. 26 Attack surfaces on IM and calls • Various content types (HTML, JavaScript, PPTs) • File, desktop and presentation sharing • Limited filtering options (IIMFilter) • File Filter (e.g. exe, xls, ppt, psh) • URL Filter (e.g. WWW, HTTP, call, SIP) • Set-CsClientPolicy (DisableHtmlIm, DisableRTFIm) • Clients process the content before invitation • Presence and update messages • Call and IM invitation requests • Mass compromise via meetings and multiple endpoints
  • 27. 27 Parsing errors and exceptions to be shared later
  • 28. 28 Bypassing URL filter in IM to be shared later
  • 29. 29 URL filter bypass Windows 10 Skype for Business Clients Viproxy 2.0 MS Lync for Mac 2011 Client to be used for attacks Windows 2012 R2 Skype for Business 2015 Server Reverse browser visiting
  • 30. 30 Sending INVITEs w/ HTML/XSS to be shared later
  • 31. 31 Fake Skype update via INVITE
  • 32. 32 Multi endpoint communication • Meeting requests • Private meetings, Open meetings, Web sessions • Multi callee invitations and messages • Attacks do not need actions from the attendees/callees • Injecting endpoints to the requests • XML conference definitions in the INVITE requests • INVITE headers • Endpoint headers • 3rd party SIP trunk, PSTN gateway or federation
  • 33. 33 Sending messages w/ HTML/XSS to be shared later
  • 34. 34 Mass compromise of clients Windows 10 Skype for Business Clients Viproy 4.0 Windows 2012 R2 Skype for Business 2015 Server BEEF Framework Waiting for the XSS hooks Reverse browser hooks CentOS Linux Freeswitch SIP Trunk PSTN Gateway
  • 36. 36 Second stage of the research Analysis of • mobile clients and SFB web app • SFB meeting security and public access • federation security and trust analysis • Further analysis of the crashes and parsing errors identified for exploitation • Social engineering templates for Viproxy and Viproy • Viproy 4.0 with Skype for Business authentication, fuzzing and discovery support
  • 37. 37 Securing Unified Communications Secure design is always the foundation • Physical security of endpoints (e.g. IP phones, teleconference rooms) should be improved • Networks should be segmented based on their trust level • Authentication and encryption should be enabled • Protocol vulnerabilities can be fixed with secure design • Disable unnecessary IM, call and meeting features • Software updates should be reviewed and installed
  • 38. 38 Previously on VoIP Wars VoIP Wars I: Return of the SIP (Defcon, Cluecon, Ruxcon, Athcon) •Modern VoIP attacks via SIP services explained •SIP trust hacking, SIP proxy bounce attack and attacking mobile VoIP clients demonstrated •https://youtu.be/d6cGlTB6qKw VoIP Wars II : Attack of the Cisco phones (Defcon, Blackhat USA) •30+ Cisco HCS vulnerabilities including 0days •Viproy 2.0 with CUCDM exploits, CDP and Skinny support •Hosted VoIP security risks and existing threats discussed •https://youtu.be/hqL25srtoEY The Art of VoIP Hacking Workshop (Defcon, Troopers, AusCERT, Kiwicon) •Live exploitation exercises for several VoIP vulnerabilities •3 0day exploits for Vi-vo and Boghe VoIP clients •New Viproy 3.7 modules and improved features •https://www.linkedin.com/pulse/art-voip-hacking-workshop-materials-fatih-ozavci
  • 39. 39 References Viproy VoIP Penetration and Exploitation Kit Author : http://viproy.com/fozavci Homepage : http://viproy.com Github : http://www.github.com/fozavci/viproy-voipkit VoIP Wars : Attack of the Cisco Phones https://youtu.be/hqL25srtoEY VoIP Wars : Return of the SIP https://youtu.be/d6cGlTB6qKw
  • 42. 42 Thank you Head office is level 8, 66 King Street, Sydney, NSW 2000, Australia. Owner of trademark and all copyright is Sense of Security Pty Ltd. Neither text or images can be reproduced without written permission. T: 1300 922 923 T: +61 (0) 2 9290 4444 F: +61 (0) 2 9290 4455 info@senseofsecurity.com.au www.senseofsecurity.com.au