Skip to main content

Tags denial of service

OpenSIPS Security Audit Report is fully disclosed and out there

It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report. The OpenSIPS security audit report can be found here. What is the OpenSIPS security audit? OpenSIPS is a SIP server that often has a critical security function within an IP communications system.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms

Executive summary (TL;DR) Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE! How I got social engineered into looking at CVE-2022-0778 A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?” He explained how in the context of WebRTC it would be a bit difficult since you need to get signaling right, ICE (that dance with STUN and other funny things) and finally, you get to do your DTLS scans.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Killing bugs … one vulnerability report at a time

Executive summary (TL;DR) We tell the story behind the latest FreeSWITCH advisories and how it all came together one sleepless night in April 2021 so that we ended up with 4 vulnerabilities that needed reporting. And then, one more vulnerability found due to a bug in our own software, SIPVicious PRO. We explain how these flaws were discovered, reported, fixed and what we ultimately learned through this process. What is this about?…

Read more »

One presentation at ClueCon and five security advisories for FreeSWITCH

The FreeSWITCH team has just published version v1.10.7 which fixes a number of security issues that we reported. If you use FreeSWITCH, please do upgrade to get these security updates. To learn about the background work that went into getting these security bugs squashed, follow Sandro’s talk called Killing bugs … one vulnerability report at a time. This will be presented at at ClueCon on Thursday, October 28th. Here are the titles of each advisory and a very short summary:…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Why volumetric DDoS cripples VoIP providers and what we see during pentesting

Published on Oct 13, 2021 in ,

An epiphany Until a few days ago, I was of the opinion that simulating volumetric DDoS attacks is not something we should be doing. If you had asked us for such a test, we would have given you a negative answer. Ironically, we had been unwittingly simulating volumetric DDoS attacks while quietly ignoring our own results. But, it’s time to stop neglecting bandwidth saturation and start giving it the attention that it deserves.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

Massive DDoS attacks on VoIP Providers and simulated DDoS testing

Published on Sep 24, 2021 in ,

VoIP.ms and other VoIP providers under DDoS attack At the time of writing, a major VoIP provider called VoIP.ms is under a distributed denial of service (DDoS) attack since over a week. As a result, they are unable to serve their customers with everyone and their dog complaining that they cannot connect to VoIP.ms’s SIP servers as well as other resources. At the same time, someone claiming to be part of the REvil ransomware group is blackmailing the provider.…

Read more »

DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO

We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.…

Read more »
Sandro Gauci

Sandro Gauci, Enable Security

TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server

TADSummit is a great event where people from different backgrounds that are somehow involved in communications, contribute in various ways. I, personally, always look forward to see what’s coming up in the next TADSummit event. At the moment, TADSummit Asia presentations are currently being released on a daily basis on the main site. And last week, the presentation that I prepared was published! In the previous TADSummit, I had presented about why we need to bring an offensive approach to RTC security.…

Read more »

Fuzzing PJSIP and chan_skinny, vulnerability information and advisories

Published on May 23, 2017 in , , , ,

In the recent past, Alfred Farrugia and myself started looking at fuzzing OpenSource VoIP projects such as Asterisk, FreeSWITCH and Kamailio and their dependencies. Our internal Enable Security project was given the unimaginative name of rtcfuzz and, by now, we are making use of a combination of public tools like American Fuzzy Lop and Radamsa, together with our internal tools …And is, of course, giving us some good results. We reported three issues to Digium, two of which actually affect PJSIP and one of which affect chan_skinny.…

Read more »

How to crash SIPVicious - introducing svcrash.py

Published on Jun 22, 2010 in , ,

A new tool has been added to SIPVicious - svcrash.py. As the name implies, it crashes something - svwar.py and svcrack.py. This tool is meant to be used by system administrators and organizations that are receiving unauthorized scans on their exposed IP PBX. Quick links: Download the latest version :: Watch a short demo of svcrash.py Since this is a little different from the usual, I’ll provide a bit of background first.…

Read more »