In November 2015, Sense of Security had the opportunity to present the first part of our research on Microsoft Lync (a.k.a. Skype for Business) at Black Hat Europe. We spoke about contemporary VoIP security issues, their applicability, and modern security weaknesses we had identified in Microsoft Lync. The research resulted in security advisories being issued by Sense of Security and Microsoft.
Another Sense of Security consultant presented at Black Hat Europe Arsenal. The presentation demonstrated how an attacker can utilise Cross-site Scripting (XSS) to execute arbitrary code on a web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads were integrated with Metasploit’s Meterpreter in a highly automated fashion and demonstrated live, including post-exploitation scenarios from compromised web applications.