Sandro Gauci, Enable Security
ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak
Published on Oct 16, 2020 in conferences, sip security, sip security testing
ClueCon weekly is a regular video by the people behind Freeswitch and Signalwire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, hope you enjoy the chat as much as I did! Summary Here’s an outline of what went on:…
Read more »Sandro Gauci, Enable Security
RTC Security chat at Kamailio World Online with Daniel and Olle
Published on Oct 5, 2020 in conferences, kamailio, voip security, webrtc security, sip security testing
It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…
Read more »Sandro Gauci, Enable Security
The great Kamailio security debate and some misconceptions debunked
Published on Sep 22, 2020 in kamailio, sip security
Introduction The Kamailio community has always been very welcoming to us since our first connection in 2015 where I gave a dangerous demo showing the open-source version of SIPVicious scanning the Internet and discovering all sorts of SIP devices. Since then, we’ve been contributing through presentations at Kamailio World each year, highlighting various security concerns for the RTC community and the occasional security report and advisory urging people to upgrade their Kamailio.…
Read more »Kamailio World Online SIP and VoIP Security Panel
Published on Aug 27, 2020 in sip security, conferences, webrtc security, voip security, kamailio
On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…
Read more »Bug bounty bout report 0x01 - WebRTC edition
Published on Jun 16, 2020 in webtc security, bug bounty, stunner
Read the full report here. In April 2020, in between SIPVicious PRO development and pentesting VoIP and WebRTC, we dedicated some days to bug bounties and vulnerability disclosure programs to see what comes out of it. Our focus was on those that have WebRTC infrastructure in scope. In the end, we reported 3 vulnerabilities to 4 different vendors, for 6 different products. So finally, after making sure that the affected vendors have addressed these security issues and have agreed with publication, we are putting out a compiled report!…
Read more »SIPVicious PRO v6.0.0 alpha.5 available to our clients
Published on Jun 3, 2020 in sipvicious pro, security-tools, sipvicious releases
With great pleasure, we announce the availability of the v6.0.0-alpha.5 version of SIPVicious PRO. This is a major update since most of the promised feature-set of the existent modules is now available. While you are encouraged to read the release notes, the main highlights are the following: Target demo server (demo.sipvicious.pro) now implemented, used throughout the documentation for attack examples and training purposes An extensive getting started page is now available, with instructions on how to use most of the modules Exit codes!…
Read more »A gentle introduction to caller ID spoofing
Published on May 7, 2020 in caller id spoofing, sip security
Introduction Phone and real-time communications systems in general make use of caller ID to indicate who is calling when a phone is ringing. Caller ID is that little number that shows up on your phone telling you that it is your boss calling. The number is often matched against your phone book to show an actual name. This feature is not only available on PSTN (public switched telephone network) but also in the VoIP systems that have been replacing it in the past dozen or so years.…
Read more »Awesome RTC hacking list published on Github
Published on Apr 29, 2020
We have been collecting lists of resources related to RTC security, namely VoIP, WebRTC and VoLTE which we just made available on our Github. Please contribute and share! So far, the list contains awesome links for the following topics: Presentation Slides Videos Advisories Open-source tools Papers Blogs Notable blog posts and articles Books Commercial tools Vulnerabilities Related lists So, what are we missing? Get in touch on Twitter or submit a pull request.…
Read more »What’s up with SIPVicious PRO?
Published on Mar 30, 2020 in sipvicious pro, security tools
In the past 3 years we have been working on developing SIPVicious PRO during our work as penetration testers and in between engagements. Since our chief demolition officer, Alfred joined up with Enable Security, the development has had a much-needed push so that we started making it available to a limited number of companies that happen to be our clients. Today, we’re making version 6.0.0-alpha.4 available to our clients which includes Opus support, further support for SRTP and of course, a number of bug fixes.…
Read more »Sandro Gauci, Enable Security
SIPVicious OSS 0.3.0 released
Published on Mar 10, 2020 in sipvicious oss, security tools, sipvicious releases
It’s been a few years since we released a new version of SIPVicious. Truth is, we were working on SIPVicious PRO which we started making available to some of our clients. Many people still use the open-source version of SIPVicious and it is included in various pentest Linux distributions, and definitely is useful to a number of people (especially after they change the user-agent string). And so, with the impending Python2 apocalypse, we decided to make a new release, porting SIPVicious OSS to Python 3 and including various updates that happened since 2015 in the master branch.…
Read more »