Confidence

Sandro Gauci

Title: Scanning the Intertubes for VoIP

Bio:
Sandro Gauci is the owner and founder of EnableSecurity, where he performs R&D and security consultancy for mid-sized companies. Sandro has over 8 years of experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes.

Sandro is the author of the free VoIP security scanning suite SIPVicious and VOIPPACK for CANVAS.

List of our publications:

  • Surf Jacking - or HTTPS will not save you.
  • The Extended HTML Form Attack Revisited.
  • Bypassing JavaScript Filters - the Flash! Attack.
  • Microsoft Passport Account Hijack Attack.
More at enablesecurity.com and eyeonsecurity.org

Abstract:
Sandro will take a look at methods of scanning for VoIP devices on the Internet, and what sort of results were achieved. He will also cover fingerprinting these devices and what sorts of security vulnerabilities they have. He will demonstrate a security flaw that affects most SIP phones out there and gets them to leak their credentials. Sandro will also go through what his VoIP honeypot was able to pick up and talk about what others, including cybercriminals, are doing when it comes to VoIP.