Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
Black Hat USA 2016 - Presentation Video
https://www.youtube.com/watch?v=rl_kp5UZKlw
Larger organisations are using VoIP within their commercial services and corporate communications and the take up of cloud based Unified Communications (UC) solutions is rising every day. However, response teams and security testers have limited knowledge of VoIP attack surfaces and threats in the wild. Due to this lack of understanding of modern UC security requirements, numerous service providers, larger organisations and subscribers are leaving themselves susceptible to attack. Current threat actors are repurposing this exposed infrastructure for botnets, toll fraud etc.
The talk aims to arm response and security testing teams with knowledge of cutting-edge attacks, tools and vulnerabilities for VoIP networks. Some of the headlines are: attacking cloud based VoIP solutions to jailbreak tenant environments; discovering critical security vulnerabilities with the VoIP products of major vendors; exploiting harder to fix VoIP protocol and service vulnerabilities; testing the security of IP Multimedia Subsystem (IMS) services; and understanding the toolset developed by the author to discover previously unknown vulnerabilities and to develop custom attacks. In addition, the business impact of these attacks will be explained for various implementations, such as cloud UC services, commercial services, service provider networks and corporate communication. Through the demonstrations, the audience will understand how can they secure and test their communication infrastructure and services. The talk will also be accompanied by the newer versions of Viproy and Viproxy developed by the author to operate the attack demonstrations.
Departed Communications: Learn the ways to smash them!Fatih Ozavci
Unified Communications (UC) is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. These services also have key roles in the IP Multimedia Subsystem (IMS) implementations of next generation mobile networks. As a result of these, customers require unified collaboration; and the telecommunications industry offers managed communications services and infrastructure using UC and IMS technologies. These offerings also come with design issues, well-known security vulnerabilities and legacy services.
Security testing of communication networks, however, is underestimated, and mostly under-scoped. Due to the lack of time and resources, the results of the security tests are only providing a security illusion. On the other hand, the advanced VoIP and UC attacks can be much faster and efficient with a proper methodology used. Therefore, this talk aims to improve the testing skills of the assurance teams for better penetration testing results. The theme of the talk is on transferring the VoIP and UC knowledge from a phreak to penetration testers. This will be performed through practical attack demonstrations, testing tips and automated actions.
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.
In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceFatih Ozavci
Enterprise companies are using consumer and IoT devices to complete (or expand) their services such as broadband, IPTV, media streaming, satellite, voice and 3G/4G services. Although the devices are owned by the service providers, subscribers have limited (or full) access to them with service agreements. In addition to that, some of consumer devices also have roles on corporate communications, environment security or employee services. Consumer devices are located at subscriber premises; therefore, the traditional security testing approach only covers backend services security, not the devices.
Consumer and IoT devices are susceptible to hardware hacking based attacks such as firmware dumping, re-flashing with a custom firmware, and getting low level access using the physical management interfaces such as SPI, JTAG and UART. Low level access obtained can be used to modify device behaviours or their initial states. This helps attackers to debug consumer devices and operator services, to find new vulnerabilities, and to obtain the device configuration which may contain credentials for the service infrastructure.
Embedded device and hardware hacking is a rising skill set for penetration testers. It is required to understand targeted attacks which may include hardware implants, modified hardware attacking their own infrastructure or compromised devices that target the human factor. Some of advanced testing examples to be discussed are preparing a custom hardware for persistent access during a red teaming exercise, preparing a compromised consumer device for human factor pen-testing, attacking TR-069 services of a provider using smart home modems or altering the security controls of a device to abuse the service.
The presentation focuses on how the existing security testing techniques should be evolved with hardware and IoT hacking, and how service providers can make their infrastructure secure for cutting-edge attacks. Essential hardware hacking information, identifying and using physical management interfaces, hardware hacking toolset, well-known hardware attacks and hardware testing procedure will be presented in a road map for consumer devices security testing. Also a security testing approach will be explained to develop new security testing services and to improve existing ones such as red teaming, human factor pen-testing and infrastructure pen-testing.
Black Hat USA 2016 - Presentation Video
https://www.youtube.com/watch?v=rl_kp5UZKlw
Larger organisations are using VoIP within their commercial services and corporate communications and the take up of cloud based Unified Communications (UC) solutions is rising every day. However, response teams and security testers have limited knowledge of VoIP attack surfaces and threats in the wild. Due to this lack of understanding of modern UC security requirements, numerous service providers, larger organisations and subscribers are leaving themselves susceptible to attack. Current threat actors are repurposing this exposed infrastructure for botnets, toll fraud etc.
The talk aims to arm response and security testing teams with knowledge of cutting-edge attacks, tools and vulnerabilities for VoIP networks. Some of the headlines are: attacking cloud based VoIP solutions to jailbreak tenant environments; discovering critical security vulnerabilities with the VoIP products of major vendors; exploiting harder to fix VoIP protocol and service vulnerabilities; testing the security of IP Multimedia Subsystem (IMS) services; and understanding the toolset developed by the author to discover previously unknown vulnerabilities and to develop custom attacks. In addition, the business impact of these attacks will be explained for various implementations, such as cloud UC services, commercial services, service provider networks and corporate communication. Through the demonstrations, the audience will understand how can they secure and test their communication infrastructure and services. The talk will also be accompanied by the newer versions of Viproy and Viproxy developed by the author to operate the attack demonstrations.
Departed Communications: Learn the ways to smash them!Fatih Ozavci
Unified Communications (UC) is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. These services also have key roles in the IP Multimedia Subsystem (IMS) implementations of next generation mobile networks. As a result of these, customers require unified collaboration; and the telecommunications industry offers managed communications services and infrastructure using UC and IMS technologies. These offerings also come with design issues, well-known security vulnerabilities and legacy services.
Security testing of communication networks, however, is underestimated, and mostly under-scoped. Due to the lack of time and resources, the results of the security tests are only providing a security illusion. On the other hand, the advanced VoIP and UC attacks can be much faster and efficient with a proper methodology used. Therefore, this talk aims to improve the testing skills of the assurance teams for better penetration testing results. The theme of the talk is on transferring the VoIP and UC knowledge from a phreak to penetration testers. This will be performed through practical attack demonstrations, testing tips and automated actions.
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.
In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceFatih Ozavci
Enterprise companies are using consumer and IoT devices to complete (or expand) their services such as broadband, IPTV, media streaming, satellite, voice and 3G/4G services. Although the devices are owned by the service providers, subscribers have limited (or full) access to them with service agreements. In addition to that, some of consumer devices also have roles on corporate communications, environment security or employee services. Consumer devices are located at subscriber premises; therefore, the traditional security testing approach only covers backend services security, not the devices.
Consumer and IoT devices are susceptible to hardware hacking based attacks such as firmware dumping, re-flashing with a custom firmware, and getting low level access using the physical management interfaces such as SPI, JTAG and UART. Low level access obtained can be used to modify device behaviours or their initial states. This helps attackers to debug consumer devices and operator services, to find new vulnerabilities, and to obtain the device configuration which may contain credentials for the service infrastructure.
Embedded device and hardware hacking is a rising skill set for penetration testers. It is required to understand targeted attacks which may include hardware implants, modified hardware attacking their own infrastructure or compromised devices that target the human factor. Some of advanced testing examples to be discussed are preparing a custom hardware for persistent access during a red teaming exercise, preparing a compromised consumer device for human factor pen-testing, attacking TR-069 services of a provider using smart home modems or altering the security controls of a device to abuse the service.
The presentation focuses on how the existing security testing techniques should be evolved with hardware and IoT hacking, and how service providers can make their infrastructure secure for cutting-edge attacks. Essential hardware hacking information, identifying and using physical management interfaces, hardware hacking toolset, well-known hardware attacks and hardware testing procedure will be presented in a road map for consumer devices security testing. Also a security testing approach will be explained to develop new security testing services and to improve existing ones such as red teaming, human factor pen-testing and infrastructure pen-testing.
Part of the TelcoBridges How To series, Luc Morissette, Director of Customer Support and co-founder of TelcoBridges shows the installation and initial configuration of FreeSBC on a VMware virtual machine.
Will STIR/SHAKEN Solve the Illegal Robocall Problem?Alan Percy
Illegal robocalls continue to be a significant problem for consumers and businesses of all sizes. STIR/SHAKEN is expected to reduce illegal spam calls, but those behind the illegal calls will persist, wasting time, clogging up phone lines, and in some cases, perpetrating phishing attacks. Join us as we discuss the current state of STIR/SHAKEN and explain why further Robocall Mitigation is required.
Stay with us as Gerry Christensen, VP of Business Development and Strategic Partnerships at YouMail joins us to share an AI-powered robocall analytics platform that can be used by service providers and enterprises to block much of the unwanted traffic.
Video recording of the session is available at:
https://www2.telcobridges.com/videolibrary
How to protect your business telephony from cyber attacks - webinar 2017, Eng...Askozia
Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure also carries risks affecting the security and integrity of your IP services. As IT networks are targeted by attackers, insufficient prevention can endanger not only your network but your telecommunication infrastructure that is build on top of it. This paper aims to educate about possible risks, common attacks and how to prevent them from being successful.
Squire Technologies: Class 4 Softswitch Presentation.
The SVI_C4 Softswitch provides to both Carrier and Enterprise markets a high performance, scalable Class 4 SoftSwitch enabling the delivery of secure, reliable VoIP traffic and services over multiple IP networks.
The core of the SVI_C4 Class 4 SoftSwitch is a powerful, robust signalling engine with a number of optional “add-ons”, allowing clients to deliver Carrier grade VoIP services.
Part of the TelcoBridges How To series, Luc Morissette, Director of Customer Support and co-founder of TelcoBridges shows the installation and initial configuration of FreeSBC on a VMware virtual machine.
Will STIR/SHAKEN Solve the Illegal Robocall Problem?Alan Percy
Illegal robocalls continue to be a significant problem for consumers and businesses of all sizes. STIR/SHAKEN is expected to reduce illegal spam calls, but those behind the illegal calls will persist, wasting time, clogging up phone lines, and in some cases, perpetrating phishing attacks. Join us as we discuss the current state of STIR/SHAKEN and explain why further Robocall Mitigation is required.
Stay with us as Gerry Christensen, VP of Business Development and Strategic Partnerships at YouMail joins us to share an AI-powered robocall analytics platform that can be used by service providers and enterprises to block much of the unwanted traffic.
Video recording of the session is available at:
https://www2.telcobridges.com/videolibrary
How to protect your business telephony from cyber attacks - webinar 2017, Eng...Askozia
Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure also carries risks affecting the security and integrity of your IP services. As IT networks are targeted by attackers, insufficient prevention can endanger not only your network but your telecommunication infrastructure that is build on top of it. This paper aims to educate about possible risks, common attacks and how to prevent them from being successful.
Squire Technologies: Class 4 Softswitch Presentation.
The SVI_C4 Softswitch provides to both Carrier and Enterprise markets a high performance, scalable Class 4 SoftSwitch enabling the delivery of secure, reliable VoIP traffic and services over multiple IP networks.
The core of the SVI_C4 Class 4 SoftSwitch is a powerful, robust signalling engine with a number of optional “add-ons”, allowing clients to deliver Carrier grade VoIP services.
Lync online: How the cloud is changing the way we communicatePerficient, Inc.
An in-depth slideshare on Lync Online and Lync Hybrid functionality, requirements and best practices to help you decide if Lync Online is the right fit for your organization. You will learn all about Lync hybrid - from a functionality review and required on-premises infrastructure components, to account migration best practices. You will see:
Feature comparisons of Lync 2013 on-premises vs. Lync Online
Voice, conferencing and ACP integration considerations
Information about the option to deploy a hybrid Lync environment
UC Expo 2018 - Microsoft Theatre 17/05/18 - Cloud Video Interop for Microsoft...Graham Walsh
Cloud Video Interop for Microsoft Teams for the enterprise and why you should care, presented by Graham Walsh of Pexip. Looking at business to consumer examples of extending Skype for Business to the end user.
Skype for business understanding what is new, preview or unchangedFabrizio Volpe
After seven months from the release date of Skype for Business, it is a good moment for an assessment. We will see what is new, what is available as a preview and what has not changed from Lync Server 2013. The session will be a high-level overview of the innovations in the product. We will talk about topics Video Interop Server role, improvements in server management and voice and meetings capabilities in Office 365 that are now in preview (Skype Meeting Broadcast, PSTN Conferencing and Cloud PBX).
A webinar introduction to FreeSBC, explaining the unique business model, product features, use cases and a customer case study. A great overview to help prospective users get oriented.
A webinar introduction to FreeSBC, explaining the unique business model, product features, use cases and a customer case study. A great overview to help prospective users get oriented.
Microsoft Directors, Patrick Payette and Jonathan Sides are talking about Microsoft Cloud PBX. Making the PBX move to the Cloud is very popular conversation these two are having with customers and peers. They’re joining Instant Insight to talk about why this conversation/debate is so popular and what advantages they’re seeing by making that transition. Cloud PBX is the future—definitely a conversation worth listening to help you shape some of your PBX goals going forward.
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
Covid has drastically changed the way people work. Nowadays, many individuals can work wherever and whenever they prefer. However, this shift requires a different strategy for securing your environment. By adopting the Zero Trust principles, based on the 'Never Trust, Always Verify' mindset, you can mitigate these new risks. This session will delve into the concept and provide examples of how various HCL products can fit into this framework, particularly when it comes to building a central user repository and securing your email message flow.
Similar to VoIP Wars: Destroying Jar Jar Lync (Filtered version) (20)
Gezi Parkı protestoları nedeniyle oluşan mahremiyet ihlallerini önlemek ve mahremiyetin korunması için yapılması gerekenleri anlatan bu sunum, Abbasağa Park'ında sunulmuştur.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
1. Compliance, Protection & Business Confidence
Sense of Security Pty Ltd
Sydney
Level 8, 66 King Street
Sydney NSW 2000 Australia
Melbourne
Level 15, 401 Docklands Drv
Docklands VIC 3008 Australia
T: 1300 922 923
T: +61 (0) 2 9290 4444
F: +61 (0) 2 9290 4455
info@senseofsecurity.com.au
www.senseofsecurity.com.au
ABN: 14 098 237 908
1
VoIP Wars: Destroying Jar Jar Lync
25 October 2015
Fatih Ozavci
2. Speaker
Fatih Ozavci, Principal Security Consultant
• VoIP & phreaking
• Mobile applications and devices
• Network infrastructure
• CPE, hardware and IoT hacking
• Author of Viproy, Viproxy and VoIP Wars research series
• Public speaker and trainer
Blackhat USA, Defcon, HITB, AusCert, Troopers, Ruxcon
2
4. 4
Current research status
• This is only the first stage of the research
• Analysing the security requirements of various designs
• Developing a tool to
• assess communication and voice policies in use
• drive official client to attack other clients and servers
• debug communication for further attacks
• Watch this space
• Viproy with Skype for Business authentication support
• Potential vulnerabilities to be released
5. 5
Agenda
1. Modern threats targeting UC on Skype for Business
2. Security requirements for various implementations
3. Security testing using Viproxy
4. Demonstration of vulnerabilities identified
• CVE-2015-6061, CVE-2015-6062, CVE-2015-6063
9. 9
UC on Skype for Business
• Active Directory, DNS (SRV, NAPTR/Enum) and SSO
• Extensions to the traditional protocols
• SIP/SIPE, XMPP, OWA/Exchange
• PSTN mapping to users
• Device support for IP phones and teleconference systems
• Mobile services
• Not only for corporate communication
• Call centres, hosted Lync/Skype services
• Office 365 online services, federated services
10. 10
VoIP basics
1- REGISTER
1- 200 OK
2- INVITE
3- INVITE
2- 100 Trying
3- 200 OK
4- ACK
RTP
Proxy
SRTP (AES)
Client A
Client B
SRTP
(AES)
4- 200 OK
RTP
Proxy
SRTP (AES)
Skype for Business 2015
11. 11
Corporate communication
Windows 2012 R2
Domain Controller
Windows 2012 R2
Exchange & OWA
Skype for Business 2015
Mobile Devices
Laptops
Phones & Teleconference Systems
Services:
• Voice and video calls
• Instant messaging
• Presentation and collaboration
• File and desktop sharing
• Public and private meetings
PSTN Gateway
SIP Trunk
SIP/TLS ?
12. 12
Federated communication
Services:
• Federation connections (DNS, Enum, SIP proxies)
• Skype for Business external authentication
• Connecting the users without individual setup
• Public meetings, calls and instant messaging DNS Server
Skype for Business 2015
ABC Enterprise
Federation
communication
SIP/TLS ?
Mobile ABC
Laptop ABC
Skype for Business 2015
Edge Server
ABC Enterprise
Skype for Business 2015
XYZ Enterprise
DNS & Enum
Services
Mobile XYZ
15. 15
Security of Skype for Business
• SIP over TLS is enforced for clients by default
• SRTP using AES is enforced for clients by
default
• SIP replay attack protections are used on
servers
• Responses have a signature of the critical SIP headers
• Content itself and custom headers are not in scope
• Clients validate the server response signatures
• SIP trunks (PSTN gateway) security
• TLS enabled and IP restricted
• No authentication support
16. 16
Research and vulnerabilities related
• Defcon 20 – The end of the PSTN as you know it
• Jason Ostrom, William Borskey, Karl Feinauer
• Federation fundamentals, Enumerator, Lyncspoof
• Remote command execution through vulnerabilities
on the font and graphics libraries (MS15-080,
MS15-044)
• Targeting Microsoft Lync users with malwared
Microsoft Office files
• Denial of service and XSS vulnerabilities (MS14-055)
17. 17
Security testing
• 3 ways to conduct security testing
• Compliance and configuration analysis
• MITM analysis (Viproxy 2.0)
• Using a custom security tester (Viproy 4.0 is coming soon)
• Areas to focus on
• Identifying design, authentication and authorisation issues
• Unlocking client restrictions to bypass policies
• Identifying client and server vulnerabilities
• Testing business logic issues, dial plans and user rights
18. 18
Discovering Skype for Business
• Autodiscovery features
• Autodiscovery web services
• Subdomains and DNS records (SRV, NAPTR)
• Web services
• Authentication, Webtickets and TLS web services
• Meeting invitations and components
• Skype for Business web application
• Active Directory integration
• Information gathering via server errors
19. 19
Corporate communication policy
• Design of the communication infrastructure
• Phone numbers, SIP URIs, domains, federations,
gateways
• Client type, version and feature enforcements
• Meeting codes, security, user rights to create meetings
• Open components such as Skype for Business web app
• Feature restrictions on clients
• File, content and desktop sharing restrictions
• User rights (admin vs user)
• Encryption design for signalling and media
22. 22
SRTP AES implementation
• SRTP using AES is enforced for clients (No ZRTP)
• SIP/TLS is enforced for clients
• SIP/TLS is optional for SIP trunks and PSTN gateways
• Compatibility challenges vs Default configuration
• SIP/TCP gateways may leak the SRTP encryption keys
a=ice-ufrag:x30M
a=ice-pwd:oW7iYHXiAOr19UH05baO7bMJ
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:Gu
+c81XctWoAHro7cJ9uN6WqW7QPJndjXfZsofl8|2^31|1:1
23. 23
MITM analysis using Viproxy
• Challenges
• SIP/TLS is enabled by default
• Microsoft Lync clients validate the TLS cert
• Compression is enabled, not easy to read
• Viproxy 2.0
• A standalone Metasploit module
• Supports TCP/TLS interception with TLS certs
• Disables compression
• Modifies the actions of an official client
• Provides a command console for real-time attacks
24. • Debugging the protocol and collecting samples
• Basic find & replace with fuzzing support
• Unlocking restricted client features
• Bypassing communication policies in use
• Injecting malicious content
24
Viproxy test setup
Windows 10
Skype for Business Clients
Viproxy 2.0
MS Lync for Mac 2011
Client to be used for attacks
Windows 2012 R2
Skype for Business 2015 Server
25. 25
Analysing the corporate policy
• Instant Messaging (IM) restrictions
• File type filters for the file transfers
• URL filters for the messaging
• Set-CsClientPolicy (DisableEmoticons, DisableHtmlIm, DisableRTFIm)
• Call forwarding rights
• Meeting rights
• Federated attendees
• Public attendees
• Clients’ default meeting settings
• Insecure client versions allowed
26. 26
Attack surfaces on IM and calls
• Various content types (HTML, JavaScript, PPTs)
• File, desktop and presentation sharing
• Limited filtering options (IIMFilter)
• File Filter (e.g. exe, xls, ppt, psh)
• URL Filter (e.g. WWW, HTTP, call, SIP)
• Set-CsClientPolicy (DisableHtmlIm, DisableRTFIm)
• Clients process the content before invitation
• Presence and update messages
• Call and IM invitation requests
• Mass compromise via meetings and multiple endpoints
29. 29
URL filter bypass
Windows 10
Skype for Business Clients
Viproxy 2.0
MS Lync for Mac 2011
Client to be used for attacks
Windows 2012 R2
Skype for Business 2015 Server
Reverse browser visiting
32. 32
Multi endpoint communication
• Meeting requests
• Private meetings, Open meetings, Web sessions
• Multi callee invitations and messages
• Attacks do not need actions from the attendees/callees
• Injecting endpoints to the requests
• XML conference definitions in the INVITE requests
• INVITE headers
• Endpoint headers
• 3rd party SIP trunk, PSTN gateway or federation
34. 34
Mass compromise of clients
Windows 10
Skype for Business Clients
Viproy 4.0 Windows 2012 R2
Skype for Business 2015 Server
BEEF Framework
Waiting for the XSS hooks
Reverse browser hooks
CentOS Linux
Freeswitch
SIP Trunk
PSTN Gateway
36. 36
Second stage of the research
Analysis of
• mobile clients and SFB web app
• SFB meeting security and public access
• federation security and trust analysis
• Further analysis of the crashes and parsing errors
identified for exploitation
• Social engineering templates for Viproxy and Viproy
• Viproy 4.0 with Skype for Business authentication,
fuzzing and discovery support
37. 37
Securing Unified Communications
Secure design is always the foundation
• Physical security of endpoints (e.g. IP phones,
teleconference rooms) should be improved
• Networks should be segmented based on their trust level
• Authentication and encryption should be enabled
• Protocol vulnerabilities can be fixed with secure design
• Disable unnecessary IM, call and meeting features
• Software updates should be reviewed and installed
38. 38
Previously on VoIP Wars
VoIP Wars I: Return of the SIP (Defcon, Cluecon, Ruxcon, Athcon)
•Modern VoIP attacks via SIP services explained
•SIP trust hacking, SIP proxy bounce attack and attacking mobile VoIP clients demonstrated
•https://youtu.be/d6cGlTB6qKw
VoIP Wars II : Attack of the Cisco phones (Defcon, Blackhat USA)
•30+ Cisco HCS vulnerabilities including 0days
•Viproy 2.0 with CUCDM exploits, CDP and Skinny support
•Hosted VoIP security risks and existing threats discussed
•https://youtu.be/hqL25srtoEY
The Art of VoIP Hacking Workshop (Defcon, Troopers, AusCERT, Kiwicon)
•Live exploitation exercises for several VoIP vulnerabilities
•3 0day exploits for Vi-vo and Boghe VoIP clients
•New Viproy 3.7 modules and improved features
•https://www.linkedin.com/pulse/art-voip-hacking-workshop-materials-fatih-ozavci
39. 39
References
Viproy VoIP Penetration and Exploitation Kit
Author : http://viproy.com/fozavci
Homepage : http://viproy.com
Github : http://www.github.com/fozavci/viproy-voipkit
VoIP Wars : Attack of the Cisco Phones
https://youtu.be/hqL25srtoEY
VoIP Wars : Return of the SIP
https://youtu.be/d6cGlTB6qKw
42. 42
Thank you
Head office is level 8, 66 King Street, Sydney, NSW 2000, Australia.
Owner of trademark and all copyright is Sense of Security Pty Ltd.
Neither text or images can be reproduced without written
permission.
T: 1300 922 923
T: +61 (0) 2 9290 4444
F: +61 (0) 2 9290 4455
info@senseofsecurity.com.au
www.senseofsecurity.com.au