We write about VoIP, WebRTC and real-time communications security.
Abusing SIP for Cross-Site Scripting? Most definitely!
Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution
Details about CVE-2020-26262, bypass of Coturn's default access control protection
Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing
Smuggling SIP headers past Session Border Controllers FTW!
Attacking a real VoIP System with SIPVicious OSS
Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it
How we abused Slack's TURN servers to gain access to internal services