Our published works
Over the years, we have published technical papers, security tools and advisories to share our insights with the security community and the public.
- ES2021-04 VoIPmonitor static builds are compiled without any standard memory corruption protection
- ES2021-03 VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer
- ES2021-02 VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages
- ES2021-01 Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address
- ES2020-04 sngrep crashes due to a stack overflow caused by a malformed SDP connection address
- ES2020-03 sngrep crashes due to a buffer overflow caused by a malformed SDP media type
- ES2020-02 Asterisk crash due to INVITE flood over TCP
- ES2020-01 Kamailio vulnerable to header smuggling possible due to bypass of remove_hf
- ES2018-05 Kamailio heap overflow
- ES2018-04 Asterisk PJSIP tcp segfault
- ES2018-03 Asterisk PJSIP SDP invalid media format description segfault
- ES2018-02 Asterisk PJSIP SDP invalid fmtp segfault
- ES2018-01 Asterisk PJSIP SUBSCRIBE stack corruption
- ES2017-04 Asterisk vulnerable to RTP Bleed
- ES2017-03 Asterisk Skinny memory exhaustion vulnerability leads to DoS
- ES2017-02 Out of bound memory access in PJSIP multipart parser crashes Asterisk
- ES2017-01 Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP
- Surf Jacking “HTTPS will not save you”: Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker’s connection is encrypted using SSL or TLS.
- The Extended HTML Form Attack Revisited: A generic security flaw which affects various web browsers such as Internet Explorer, Opera and Safari. This vulnerability allows attackers to launch Cross Site Scripting attacks by making use of non-HTTP protocols.
Open source and Free Tools
- Storming SIP Security: An article published in the 02/08 issue of Hakin9. Why IP Phone Systems are the new target. How VoIP systems can be broken into or simply abused for Toll Fraud. What you can do to prevent this.
- When best intentions go wrong: Debian OpenSSL vulnerability and how it affects the solutions that we (security professionals) recommend. Published on (IN)Secure Magazine.
- Closing a can of worms: Tackling the assumption that network traffic cannot be intercepted or modified during transit. Published on (IN)Secure Magazine.
- How security can hurt us: The more you spend on security does not necessarily equal more security. Published on (IN)Secure Magazine
Notable blog posts
- Kamailio World 2019 - The Various Ways Your RTC May Be Crushed (video)
- Berlin RTC Meetup - WebRTC Infrastructure Security
- Kamailio World 2018 - A tale of two RTC fuzzing approaches (video, slides)
- Kamailio World 2017 - Listening By Speaking – An Under-Estimated Security Attack On Media Servers And RTP Relays (video)
- Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP (video)
- HackPra 2013 - Webapp Exploit Payloads tools built for & during the job (video)
- Bsides London 2012 - Escalating privileges on common webapps (video)
- Hack in the Box Malaysia 2011 - VoIP Security workshop: Attacking CUCM
- IIT’s RTC Conference and Expo 2011 - Practical Fraud Attacks on VoIP Systems
- SECURE 2011 Poland - Attacks on VoIP (Workshop)
- AstriCon 2010 Washington DC - Just how vulnerable is your VoIP system?
- Hackcon Norway 2010
- Hackito Ergo Sum France 2010 - Attacking VoIP; attacks and the attackers
- Troopers 2009 - The Truth about Web Application Firewalls (video)
- Shakacon 2009 - Web Application Firewalls: What the vendors do not want you to know
- OWASP Europe 2009 - Web Application Firewalls
- Ph-neutral 2009 - Web Application Firewalls
- BruCON Belgium 2009 - VoIP pentesting workshop
- Hack.lu Luxembourg 2009 - VoIP pentesting workshop
- CONFidence Krakow 2009 - Scanning the Intertubes for VOIP (pdf)
- SEC-T Sweden 2009 - Scanning the Intertubes for VOIP (video)