Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tools for offensive RTC Security: introducing SIPVicious PRO and the demo server

Tools for offensive RTC Security: introducing SIPVicious PRO and the demo server

In his previous talk for TADSummit, Sandro spoke about why it is critical to take an offensive approach when dealing with SIP security. In this one, he shows how tools can help in testing RTC security as well as in learning more about offensive security for RTC. After a general overview of the landscape, he will focus on the work that his team has done on SIPVicious PRO and the target demo server that helps learn and show vulnerabilities in a lab environment.

Sandro Gauci

May 14, 2021
Tweet

More Decks by Sandro Gauci

Other Decks in Technology

Transcript

  1. TOOLS FOR OFFENSIVE
    RTC SECURITY
    Introducing SIPVicious PRO and the demo server
    Sandro Gauci, 2021-04-30

    View Slide

  2. INTRODUCTION

    View Slide

  3. WHO AM I?
    Developed SIPVicious OSS
    Leading Enable Security:
    Offensive RTC security
    Security research / penetration testing
    Consultancy and training
    We develop SIPVicious PRO

    View Slide

  4. CONTRIBUTE TO OPEN SOURCE RTC
    SECURITY?
    Yes we do!
    Security research and advisories
    Open-source tools, especially SIPVicious OSS (being
    updated)
    Our blog - Communication Breakdown at
    OpenSIPIt’01
    https://rtcsec.com
    https://opensipit.org/

    View Slide

  5. PREVIOUSLY AT A DIFFERENT TAD SUMMIT
    Why I think defensive security on its own is not
    enough
    The value of an offensive approach towards RTC
    security
    Why I think that RTC security lacks this approach:
    lack of training opportunities
    lack of robust testing tools

    View Slide

  6. AGENDA: WHAT THIS ONE IS ABOUT
    A brief look at the RTC offensive security landscape
    SIPVicious OSS
    SIPVicious PRO
    The demo server as your playground
    Demos and walk-throughs
    Future plans

    View Slide

  7. OFFENSIVE RTC
    SECURITY TOOLS
    LANDSCAPE

    View Slide

  8. THE AWESOME RTC HACKING LIST
    https://github.com/EnableSecurity/awesome-rtc-
    hacking

    View Slide

  9. A LITTLE ABOUT SIPVICIOUS OSS
    open-source, published back in 2007
    python-based
    3 main tools:
    svmap which is a scanner for SIP
    svwar which enumerates extensions on SIP
    devices
    svcrack that tries to guess passwords for SIP
    extensions

    View Slide

  10. SIPVICIOUS OSS DEMO!

    View Slide

  11. FAST FORWARD TO THE FUTURE (2021)
    the future is here

    View Slide

  12. Credit: https://unsplash.com/@agk42

    View Slide

  13. SIPVICIOUS PRO: AN INTRODUCTION
    shares the same name as SVOSS
    complete new code
    covers the entire RTC space not just SIP
    aims to be the most powerful offensive RTC security
    toolset

    View Slide

  14. SIPVICIOUS PRO DEMO!

    View Slide

  15. SIPVICIOUS PRO: FEATURE-SET
    Various new attacks supported e.g.:
    SIP ood
    RTP ood
    Digest leak
    RTP Bleed
    RTP inject
    Fuzzing
    Support for SIP over different transport protocols
    TCP, UDP, TLS and WebSockets

    View Slide

  16. SIPVICIOUS PRO: FEATURE-SET
    Integration within QA , including
    CI/CD pipelines
    SIP messages may be easily modi ed using a exible
    Support for RTP attacks
    Insane speed, especially useful for ood attacks with
    rate limiting capabilities
    Compliance to RFCs
    automation systems
    templating system

    View Slide

  17. TRAINING
    OPPORTUNITIES WITH
    THE DEMO SERVER

    View Slide

  18. WHY?
    needed a place to show SIPVicious PRO
    reliable/deterministic response to attacks

    View Slide

  19. WHAT IS IT?

    View Slide

  20. diagram

    View Slide

  21. VULNERABLE TO …
    EVERYTHING THAT CAN BE TESTED WITH SIPVICIOUS PRO
    (and more)
    SIP Digest Leak
    SIP extension enumeration
    SIP password cracking
    RTP Bleed
    RTP Inject
    RTP Flood
    TURN proxy abuse

    View Slide

  22. TALK TO ME ABOUT PROTOCOLS
    SIP on TCP/TLS/UDP/WebSocket
    RTP/SRTP SDES and DTLS
    TURN server
    WebRTC interface

    View Slide

  23. DEMO SERVER .. DEMO TIME!
    https://demo.sipvicious.pro/call/

    View Slide

  24. FUTURE PLANS
    SIPVicious PRO covering RTC in general, e.g. adding
    coverage of:
    XMPP
    STUN/TURN
    Custom signalling protocols
    Keep supporting SIPVicious OSS
    Demo server should be open-sourced (put some
    pressure on us)

    View Slide

  25. THANKS!
    Alfred Farrugia for developing most of SIPVicious
    PRO and the very cool web interface for calling over
    WebRTC
    Pinaki for helping keep SIPVicious OSS alive and
    kicking
    The TAD audience and Alan for inviting me to talk
    about security stuff :)

    View Slide

  26. SOME WAYS TO GET IN TOUCH
    Subscribe to our blog at
    Enable Security:
    https://www.rtcsec.com
    [email protected]
    https://enablesecurity.com/#contact-us

    View Slide