Tools for offensive RTC Security: introducing SIPVicious PRO and the demo server

Transcript

1. TOOLS FOR OFFENSIVE RTC SECURITY Introducing SIPVicious PRO and the

   demo server Sandro Gauci, 2021-04-30

2. INTRODUCTION

3. WHO AM I? Developed SIPVicious OSS Leading Enable Security: Offensive

   RTC security Security research / penetration testing Consultancy and training We develop SIPVicious PRO

4. CONTRIBUTE TO OPEN SOURCE RTC SECURITY? Yes we do! Security

   research and advisories Open-source tools, especially SIPVicious OSS (being updated) Our blog - Communication Breakdown at OpenSIPIt’01 https://rtcsec.com https://opensipit.org/

5. PREVIOUSLY AT A DIFFERENT TAD SUMMIT Why I think defensive

   security on its own is not enough The value of an offensive approach towards RTC security Why I think that RTC security lacks this approach: lack of training opportunities lack of robust testing tools

6. AGENDA: WHAT THIS ONE IS ABOUT A brief look at

   the RTC offensive security landscape SIPVicious OSS SIPVicious PRO The demo server as your playground Demos and walk-throughs Future plans

7. OFFENSIVE RTC SECURITY TOOLS LANDSCAPE

8. THE AWESOME RTC HACKING LIST https://github.com/EnableSecurity/awesome-rtc- hacking

9. A LITTLE ABOUT SIPVICIOUS OSS open-source, published back in 2007

   python-based 3 main tools: svmap which is a scanner for SIP svwar which enumerates extensions on SIP devices svcrack that tries to guess passwords for SIP extensions

10. SIPVICIOUS OSS DEMO!

11. FAST FORWARD TO THE FUTURE (2021) the future is here

12. Credit: https://unsplash.com/@agk42

13. SIPVICIOUS PRO: AN INTRODUCTION shares the same name as SVOSS

    complete new code covers the entire RTC space not just SIP aims to be the most powerful offensive RTC security toolset

14. SIPVICIOUS PRO DEMO!

15. SIPVICIOUS PRO: FEATURE-SET Various new attacks supported e.g.: SIP ood

    RTP ood Digest leak RTP Bleed RTP inject Fuzzing Support for SIP over different transport protocols TCP, UDP, TLS and WebSockets

16. SIPVICIOUS PRO: FEATURE-SET Integration within QA , including CI/CD pipelines

    SIP messages may be easily modi ed using a exible Support for RTP attacks Insane speed, especially useful for ood attacks with rate limiting capabilities Compliance to RFCs automation systems templating system

17. TRAINING OPPORTUNITIES WITH THE DEMO SERVER

18. WHY? needed a place to show SIPVicious PRO reliable/deterministic response

    to attacks

19. WHAT IS IT?

20. diagram

21. VULNERABLE TO … EVERYTHING THAT CAN BE TESTED WITH SIPVICIOUS

    PRO (and more) SIP Digest Leak SIP extension enumeration SIP password cracking RTP Bleed RTP Inject RTP Flood TURN proxy abuse

22. TALK TO ME ABOUT PROTOCOLS SIP on TCP/TLS/UDP/WebSocket RTP/SRTP SDES

    and DTLS TURN server WebRTC interface

23. DEMO SERVER .. DEMO TIME! https://demo.sipvicious.pro/call/

24. FUTURE PLANS SIPVicious PRO covering RTC in general, e.g. adding

    coverage of: XMPP STUN/TURN Custom signalling protocols Keep supporting SIPVicious OSS Demo server should be open-sourced (put some pressure on us)

25. THANKS! Alfred Farrugia for developing most of SIPVicious PRO and

    the very cool web interface for calling over WebRTC Pinaki for helping keep SIPVicious OSS alive and kicking The TAD audience and Alan for inviting me to talk about security stuff :)

26. SOME WAYS TO GET IN TOUCH Subscribe to our blog

    at Enable Security: https://www.rtcsec.com [email protected] https://enablesecurity.com/#contact-us