Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tools for offensive RTC Security: introducing S...

Tools for offensive RTC Security: introducing SIPVicious PRO and the demo server

In his previous talk for TADSummit, Sandro spoke about why it is critical to take an offensive approach when dealing with SIP security. In this one, he shows how tools can help in testing RTC security as well as in learning more about offensive security for RTC. After a general overview of the landscape, he will focus on the work that his team has done on SIPVicious PRO and the target demo server that helps learn and show vulnerabilities in a lab environment.

Sandro Gauci

May 14, 2021
Tweet

More Decks by Sandro Gauci

Other Decks in Technology

Transcript

  1. WHO AM I? Developed SIPVicious OSS Leading Enable Security: Offensive

    RTC security Security research / penetration testing Consultancy and training We develop SIPVicious PRO
  2. CONTRIBUTE TO OPEN SOURCE RTC SECURITY? Yes we do! Security

    research and advisories Open-source tools, especially SIPVicious OSS (being updated) Our blog - Communication Breakdown at OpenSIPIt’01 https://rtcsec.com https://opensipit.org/
  3. PREVIOUSLY AT A DIFFERENT TAD SUMMIT Why I think defensive

    security on its own is not enough The value of an offensive approach towards RTC security Why I think that RTC security lacks this approach: lack of training opportunities lack of robust testing tools
  4. AGENDA: WHAT THIS ONE IS ABOUT A brief look at

    the RTC offensive security landscape SIPVicious OSS SIPVicious PRO The demo server as your playground Demos and walk-throughs Future plans
  5. A LITTLE ABOUT SIPVICIOUS OSS open-source, published back in 2007

    python-based 3 main tools: svmap which is a scanner for SIP svwar which enumerates extensions on SIP devices svcrack that tries to guess passwords for SIP extensions
  6. SIPVICIOUS PRO: AN INTRODUCTION shares the same name as SVOSS

    complete new code covers the entire RTC space not just SIP aims to be the most powerful offensive RTC security toolset
  7. SIPVICIOUS PRO: FEATURE-SET Various new attacks supported e.g.: SIP ood

    RTP ood Digest leak RTP Bleed RTP inject Fuzzing Support for SIP over different transport protocols TCP, UDP, TLS and WebSockets
  8. SIPVICIOUS PRO: FEATURE-SET Integration within QA , including CI/CD pipelines

    SIP messages may be easily modi ed using a exible Support for RTP attacks Insane speed, especially useful for ood attacks with rate limiting capabilities Compliance to RFCs automation systems templating system
  9. VULNERABLE TO … EVERYTHING THAT CAN BE TESTED WITH SIPVICIOUS

    PRO (and more) SIP Digest Leak SIP extension enumeration SIP password cracking RTP Bleed RTP Inject RTP Flood TURN proxy abuse
  10. FUTURE PLANS SIPVicious PRO covering RTC in general, e.g. adding

    coverage of: XMPP STUN/TURN Custom signalling protocols Keep supporting SIPVicious OSS Demo server should be open-sourced (put some pressure on us)
  11. THANKS! Alfred Farrugia for developing most of SIPVicious PRO and

    the very cool web interface for calling over WebRTC Pinaki for helping keep SIPVicious OSS alive and kicking The TAD audience and Alan for inviting me to talk about security stuff :)
  12. SOME WAYS TO GET IN TOUCH Subscribe to our blog

    at Enable Security: https://www.rtcsec.com [email protected] https://enablesecurity.com/#contact-us