[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

The Grugq (Independent Network Security Researcher)

Filed under: Main Page — Administrator @ 1:40 pm

February 23, 2006

Presentation Title: VoIPhreaking: SIPhallis Unveiled
Presentation Details:

The continued explosive growth of VoIP technology deployment has not been matched by security assessment technology. This talk will present a suite of new tools for VoIP security analysis: the VoIPy toolkit. With the release of the VoIPy tool kit, in particular, SIPhallis, a major barrier to comprehensive effective VoIP penetration testing has been removed. Examining vulnerabilities within the VoIP protocol suite, as well as common deployment problems exploited, this presentation will demonstate the VoIPy tool suite as framework for exploiting these vulnerabilities — ranging from free phone calls, to spoofing caller-id.

This presentation will focus on the new SIPhallis VoIP centric penetration tool, designed specifically to foster new and innovative VoIP security attacks. The talk will examine core VoIP vulnerabilities, and how SIPhallis can be used as the primary security assessment tool for a VoIP penetration test.

About The Grugq

The Grugq is a domain expert consultant on VoIP security, digital forensic analysis and reverse engineering. The Grugq has spent 7 years working with all aspects of information security, from penetration testing to solutions and product development. The Grugq’s career has seen him working for financials, security consulting companies, start-ups and, most recently, founding his own information security company.

The Grugq’s information security expertise ranges from penetration testing and source code auditting, through to rootkit technologies and advanced digital forensic analysis and investigation. Since 2001 the Grugq has been involved in active Voice over IP security research, recently completing successful audits for major European and Asian telcos.

The Grugq’s domain expertise in VoIP security has seen him present at conferences, release advisories and complete assessments for national European and major Asian telcos. Additionally, he has developed strategic whitepapers for enterprise VoIP deployments. Based on his experiences with numerous audits, the Grugq has developed a VoIP security assessment tool suite to facilitate more accurate, effective and rapid VoIP centric penetration testing.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore