Get help by hiring us
Last updated: Nov 4, 2020
Our clients
- Service providers, telecom carriers, mobile operators
- Vendors of VoIP/IMS and WebRTC solutions
- CPaaS (communications platform as a service)
- Video conferencing platforms
- Contact center platforms
What we do
- Penetration Testing
- Security analysis and consultancy
- Denial of service simulation (DoS)
- Fuzzing exercises and setup
- Configuration security review
- Secure code audit
Experience
Target | Examples |
---|---|
Session Border Controllers (SBCs) | Kamailio, OpenSIPS, Audiocodes, Sonus SBC |
IP PBX servers | Asterisk, FreeSWITCH, Avaya Aura, Cisco Unified Communications |
Media servers | RTPEngine and proprietary solutions |
IM/Presence systems, XMPP servers | Ejabberd, OpenFire and Prosody |
Telecom solutions and Unified Communications systems | Broadworks (Cisco) |
Mobile softphones | Cisco (Broadsoft) Communicator and custom solutions |
Customer premises equipment (CPE | DSL, cable modems, SIP gateways |
Hardware phones and conference call equipment | Proprietary solutions |
WebRTC media gateways | Janus, proprietary solutions |
TURN server | Coturn |
Protocols and Standard test cases
- SIP (RFC 3261, 3264, 3265, 3665, 4568, 5621, 8760)
- Call relaying / dialplan security bypass
- INVITE flood (INVITE of death) / REGISTER flooding (Denial of Service (DoS) testing)
- SIP extension enumeration
- SIP digest leak attacks on vulnerable SIP endpoints and SIP proxies
- SIP routing vulnerabilities
- SIP header injection / smuggling tests
- Caller-ID spoofing
- SIP online cracking / password bruteforce
- Injection tests, for SQL injection / other injection vectors introduced through SIP
- Authentication bypass testing
- RTP (RFC 3550, 3711, 5761)
- RTP Flooding (Denial of Service (DoS) testing), especially targeting recording systems
- Media encryption tests, especially related to SRTP, SDES and DTLS
- RTP bleed and RTP injection attacks
- Call interception, eavesdropping due to lack of media or signalling encryption
- DTLS (RFC 6347, 5763, 5764)
- DTLS denial of service
- Certificate handling
- Weak ciphers
- Information disclosure vulnerabilities
- XMPP (RFC 6120, 6121)
- XMPP attacks for several XEPs (XMPP protocol extensions) and XMPP servers
- STUN (RFC 5389, 7350, 8489) and TURN (RFC 5766, 8656, 6062)
- TURN proxy abuse testing
- SIP TLS (RFC 3261, 5630)
- SIP TLS configuration review to identify TLS related weaknesses
- ICE (RFC 8445)
- Private IP leak
- Software specific tests
- Asterisk/Kamailio/OpenSIPS security configuration review
- Known and unknown vulnerabilities affecting target products / software packages
- Dialplan injection attacks and other attacks specific to the platform’s dialplan handling
- Provisioning security tests on TFTP, FTP, and HTTP protocols
- Network infrastructure specific tests
- In the case of local network infrastructure, VLAN hopping may be required
- Web application security tests
- OWASP Top 10 vulnerabilities
- SQL injection, LDAP injection, blind cross-site scripting (XSS) and other types of injection