Practical VoIP/UC Hacking Using Mr.SIP: SIP-Based Audit & Attack Tool

Presented at DEF CON 28 (2020) Virtual, Aug. 9, 2020, 3:30 p.m. (30 minutes).

In this talk, we will introduce the most comprehensive offensive VoIP security tool ever developed, Mr.SIP (comprehensive version). We will make a live attack demonstration using Mr.SIP in our security laboratory. Furthermore, we will also introduce novel SIP-based attacks using the vulnerabilities we found in the SIP retransmission mechanism and reflection logic. Mr.SIP is developed to assist security experts and system administrators who want to perform security tests for VoIP systems and to measure and evaluate security risks. It quickly discovers all VoIP components and services in a network topology along with the vendor, brand, and version information, detects current vulnerabilities, configuration errors. It provides an environment to assist in performing advanced attacks to simulate abuse of detected vulnerabilities. It detects SIP components and existing users on the network, intervenes, filters and manipulates call information, develops DoS attacks, breaks user passwords, and can test the server system by sending irregular messages. Status-controlled call flow and ability to bypass anomaly systems stand out as Mr.SIP's unique aspects. It also has strengths and competencies in terms of advanced fake IP address generation, fuzzing, password cracker, interactive inter-module attack kit, and MiTM features.

Presenters:

  • Ismail Melih Tas - Senior Expert in Offensive Security (PhD), Private Bank
    Melih Tas received B.Sc., M.Sc., and Ph.D. degrees in Computer Science & Engineering. He is working as Principal Penetration Tester in a private bank since 2015 in Istanbul, Turkey. He worked as multiple times award-winning entrepreneur and security expert in a private cybersecurity R&D company between 2010 and 2015 where he worked on funded projects. Previous to them, he also worked in a global troubleshooting center where he found the root causes of telecommunication security incidents and frauds and designed measures to prevent them from happening again. He wrote the National VoIP/UC Security Standard Draft by cooperating with Turkish Standards Institute. He is the author of open-source projects Mr.SIP: SIP-Based Audit and Attack Tool and SIP-DD: SIP-Based DDoS Defense Tool. He holds an OSCP certificate. He is an active speaker in hacker conferences including Black Hat Arsenal, Offzone and Nopcon. He likes to do bug bounty hunting in his spare time. His research interests include the design and analysis of both offensive and defensive security mechanisms in the fields of VoIP Security, Network Security, and Web/Mobile Application Security. @artinscience
  • Kubilay Ahmet Kucuk - Senior Security Researcher (PhD), University of Oxford
    Kubilay Ahmet Kucuk is a DPhil (Ph.D.) candidate at the University of Oxford. His research interests include the problem of secure remote computation, and architectures with TPM, TEEs, ARM TZ, seL4. With a focus on SGX, he received Ph.D. studentship from Intel and completed the AppTRE (Trustworthy Remote Entity) project in Prof. Andrew Martin's group. Before Oxford, he was a research assistant for five years at ETH Zürich, in D-MAVT Simulation Group. He led the software engineering in two CTI/Innosuisse funded projects in Industry 4.0 domain. These projects, the Face-gear Drive and the Next-Generation Virtual Feeder resulted in software products alive in the industry other than the journals.

Links:

Similar Presentations: