Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tools for offensive RTC Security: introducing SIPVicious PRO and the demo server

Tools for offensive RTC Security: introducing SIPVicious PRO and the demo server

In his previous talk for TADSummit, Sandro spoke about why it is critical to take an offensive approach when dealing with SIP security. In this one, he shows how tools can help in testing RTC security as well as in learning more about offensive security for RTC. After a general overview of the landscape, he will focus on the work that his team has done on SIPVicious PRO and the target demo server that helps learn and show vulnerabilities in a lab environment.

192a78d487076b95fb3562ad601a1535?s=128

Sandro Gauci

May 14, 2021
Tweet

More Decks by Sandro Gauci

Other Decks in Technology

Transcript

  1. TOOLS FOR OFFENSIVE RTC SECURITY Introducing SIPVicious PRO and the

    demo server Sandro Gauci, 2021-04-30
  2. INTRODUCTION

  3. WHO AM I? Developed SIPVicious OSS Leading Enable Security: Offensive

    RTC security Security research / penetration testing Consultancy and training We develop SIPVicious PRO
  4. CONTRIBUTE TO OPEN SOURCE RTC SECURITY? Yes we do! Security

    research and advisories Open-source tools, especially SIPVicious OSS (being updated) Our blog - Communication Breakdown at OpenSIPIt’01 https://rtcsec.com https://opensipit.org/
  5. PREVIOUSLY AT A DIFFERENT TAD SUMMIT Why I think defensive

    security on its own is not enough The value of an offensive approach towards RTC security Why I think that RTC security lacks this approach: lack of training opportunities lack of robust testing tools
  6. AGENDA: WHAT THIS ONE IS ABOUT A brief look at

    the RTC offensive security landscape SIPVicious OSS SIPVicious PRO The demo server as your playground Demos and walk-throughs Future plans
  7. OFFENSIVE RTC SECURITY TOOLS LANDSCAPE

  8. THE AWESOME RTC HACKING LIST https://github.com/EnableSecurity/awesome-rtc- hacking

  9. A LITTLE ABOUT SIPVICIOUS OSS open-source, published back in 2007

    python-based 3 main tools: svmap which is a scanner for SIP svwar which enumerates extensions on SIP devices svcrack that tries to guess passwords for SIP extensions
  10. SIPVICIOUS OSS DEMO!

  11. FAST FORWARD TO THE FUTURE (2021) the future is here

  12. Credit: https://unsplash.com/@agk42

  13. SIPVICIOUS PRO: AN INTRODUCTION shares the same name as SVOSS

    complete new code covers the entire RTC space not just SIP aims to be the most powerful offensive RTC security toolset
  14. SIPVICIOUS PRO DEMO!

  15. SIPVICIOUS PRO: FEATURE-SET Various new attacks supported e.g.: SIP ood

    RTP ood Digest leak RTP Bleed RTP inject Fuzzing Support for SIP over different transport protocols TCP, UDP, TLS and WebSockets
  16. SIPVICIOUS PRO: FEATURE-SET Integration within QA , including CI/CD pipelines

    SIP messages may be easily modi ed using a exible Support for RTP attacks Insane speed, especially useful for ood attacks with rate limiting capabilities Compliance to RFCs automation systems templating system
  17. TRAINING OPPORTUNITIES WITH THE DEMO SERVER

  18. WHY? needed a place to show SIPVicious PRO reliable/deterministic response

    to attacks
  19. WHAT IS IT?

  20. diagram

  21. VULNERABLE TO … EVERYTHING THAT CAN BE TESTED WITH SIPVICIOUS

    PRO (and more) SIP Digest Leak SIP extension enumeration SIP password cracking RTP Bleed RTP Inject RTP Flood TURN proxy abuse
  22. TALK TO ME ABOUT PROTOCOLS SIP on TCP/TLS/UDP/WebSocket RTP/SRTP SDES

    and DTLS TURN server WebRTC interface
  23. DEMO SERVER .. DEMO TIME! https://demo.sipvicious.pro/call/

  24. FUTURE PLANS SIPVicious PRO covering RTC in general, e.g. adding

    coverage of: XMPP STUN/TURN Custom signalling protocols Keep supporting SIPVicious OSS Demo server should be open-sourced (put some pressure on us)
  25. THANKS! Alfred Farrugia for developing most of SIPVicious PRO and

    the very cool web interface for calling over WebRTC Pinaki for helping keep SIPVicious OSS alive and kicking The TAD audience and Alan for inviting me to talk about security stuff :)
  26. SOME WAYS TO GET IN TOUCH Subscribe to our blog

    at Enable Security: https://www.rtcsec.com sandro@enablesecurity.com https://enablesecurity.com/#contact-us