Awesome Real-time Communications hacking & pentesting resources / Newsletters |
RTCSec Newsletter | | | |
Awesome Real-time Communications hacking & pentesting resources / Presentation Slides |
Hacking VoIP Exposed | | | from Black Hat USA 2006 |
Mobile network hacking – All-over-IP edition | | | from SRLabs at Blackhat EU 2019 |
Monitoring SIP Traffic Using Support Vector Machines | | | |
Awesome Real-time Communications hacking & pentesting resources / Videos |
OpenSSL DoS (CVE-2022-0778) versus WebRTC infrastructure | | | |
TAD Summit EMEA Americas 2020: Getting offensive: a different approach to RTC security - Sandro Gauci | | | |
HITBHaxpo D1: VoLTE Phreaking - Ralph Moonen | | | |
Kamailio World 2019: The Various Ways Your RTC May Be Crushed - Sandro Gauci | | | |
Kamailio World 2018: A tale of two RTC fuzzing approaches - Sandro Gauci | | | |
Kamailio World 2017: Listening By Speaking - Security Attacks On Media Servers And RTP Relays - Sandro Gauci | | | |
Kamailio World 2016: 9 Years Of Friendly Scanning And Vicious SIP - Sandro Gauci | | | |
Kamailio World 2015: VoIP Security – Bluebox ng Continuous Pentesting - Sergio García Ramos | | | |
Kamailio World 2013: VoIP Security Tools - Anton Roman | | | |
Blackhat EU 2019: Mobile network hacking - All-over-IP edition - Karsten Nohl, Luca Melette & Sina Yazdanmehr | | | |
Jailbreak Brewing Company Security Summit: Whatsup with WhatsApp: A Detailed Walk Through of Reverse Engineering CVE-2019-3568 - Maddie Stone | | | |
RhurSec 2016: Eavesdropping on WebRTC Communication - Martin Johns | | | |
Hak5 1813: SSL Hack Workarounds and WebRTC Flaws | | | |
media.ccc.de: WebRTC Security - Stephan Thamm | | | (language: german) |
Awesome Real-time Communications hacking & pentesting resources / Advisories |
Cisco IOS and IOS XE SIP Protocol Denial of Service Vulnerability | | | |
Polycom Phones SIP Registration Credential Abuse | | | |
Cisco IOS XE Software NAT SIP Application Layer Gateway Denial of Service Vulnerability | | | |
Cisco TelePresence Video Communication Server SIP DoS Vulnerability | | | |
Voice over LTE implementations contain multiple vulnerabilities | | | |
Asterisk RTP Bleed | 38 | 5 months ago | |
Asterisk pjSIP CSeq Overflow | 38 | 5 months ago | |
Juniper Junos Router OS DoS | | | |
OpenScape Desk Phones HFA and SIP CSRF and Privilege Escalation | | | |
Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA | | | |
Interaction SIP Proxy Buffer Overflow in SIPParser() Leads to DoS | | | |
Asterisk pjSIP Multi Parser Out-of-Bound Memory Access | 38 | 5 months ago | |
Asterisk Skinny Memory Exhaustion | 38 | 5 months ago | |
Asterisk Stack Corruption in subscribe Message | 38 | 5 months ago | |
Asterisk Segfault with Invalid SDP fmtp Attribute | 38 | 5 months ago | |
Asterisk Segfault with Invalid Media Format Descriptiom | 38 | 5 months ago | |
Asterisk Segfault with INVITE Replay Attack | 38 | 5 months ago | |
Kamalio Off-By-One Heap Overflow | 38 | 5 months ago | |
New RCS technology exposes most mobile users to hacking | | | |
Zoom Communications user enumeration | | | |
|
SIPVicious OSS | 893 | about 2 years ago | A set of tools to audit SIP based systems |
SIPPTS | 442 | about 1 month ago | Another set of tools to audit VoIP servers and devices using SIP protocol |
bluebox-ng | 262 | over 7 years ago | Pentesting framework using Node.js powers, focused in VoIP |
SigPloit | 89 | almost 5 years ago | Tool which covers all used SS7, GTP (3G), Diameter (4G) or even SIP protocols for IMS and VoLTE infrastructures |
vsaudit | 107 | almost 7 years ago | VoIP security assessment framework |
rtpnatscan | 24 | about 7 years ago | Tool which tests for vulnerability |
VIPROY | 403 | almost 3 years ago | VoIP pentest framework which can be used with the metasploit-framework |
SIP Proxy | | | A VoIP security testing tool |
Metasploit auxiliary modules | 34,232 | 1 day ago | |
SIPp | | | : SIP based test tool / traffic generator |
|
SIPp digest leak scenario | | | |
|
Mr.SIP | 392 | over 1 year ago | SIP based audit and attack tool |
VoIPShark | 79 | almost 5 years ago | Open Source VoIP Analysis Platform |
Turner | 173 | 11 months ago | PoC for tunnelling HTTP over a permissive/open TURN server |
sipsak | 140 | 12 months ago | SIP swiss army knife, has some features that can be used for security testing (e.g. flood more or random mode) |
turnproxy | 26 | over 4 years ago | Tool to abuse open TURN relays |
SeeYouCM Thief | 179 | over 1 year ago | download and parse configuration files from Cisco phone systems searching for SSH credentials |
stunner | 763 | 15 days ago | a tool to test and exploit STUN, TURN and TURN over TCP servers |
VoIP Hopper | 67 | 10 months ago | a tool to exploit insecure VLANs that are often found in IP Telephony infrastructure |
Awesome Real-time Communications hacking & pentesting resources / Papers |
Performance Analysis of SIP Based VoIP Networks | | | ( ) |
Abusing SIP Authentication | | | |
Multiple Design Patterns for Voice over IP (VoIP) Security | | | |
Adaptive VoIP Steganography forInformation Hiding within Network Audio Streams | | | |
Realtime Steganography with RTP | | | ( ) |
A Lossless Steganography Technique for G.711 Telephony Speech | | | |
CallRank: Combating SPIT Using Call Duration, SocialNetworks and Global Reputation | | | |
Steganography of VoIP streams | | | |
Steganalysis of compressed speech to detect covert VoIP channels | | | |
Securing Voice over Internet Protocol | | | |
Protecting SIP Proxy Servers from Ringing-based Denial-of-Service Attacks | | | |
An ontology description for SIP security flaws | | | |
Analysis of DDoS Attacks in Heterogeneous VoIP Networks: A Survey | | | |
Change Point Detection for Monitoring SIP Networks | | | |
Network security systems to counter SIP-based denial-of-service attacks | | | |
Multilayer Secured SIP Based VoIP Architecture | | | |
Battling Against DDoS in SIP | | | |
Billing Attacks on SIP-Based VoIP Systems | | | |
Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems | | | |
An Analysis of Security Threats and Tools in SIP-Based VoIP Systems | | | |
Fast Detection of Denial-of-ServiceAttacks on IP Telephony | | | |
VoIP Security: Threat Analysis & Countermeasures | | | ( ) |
Voice Over IP - Security and SPIT | | | |
Awesome Real-time Communications hacking & pentesting resources / Blogs |
Communication Breakdown | | | A blog about VoIP, WebRTC and real-time communications security by Enable Security; (formerly SIPVicious blog) |
Pepelux blog | | | (Spanish) |
Awesome Real-time Communications hacking & pentesting resources / Notable blog posts and articles |
Understanding DTLS Usage in VoIP Communications | | | |
How we abused Slack's TURN servers to gain access to internal services | | | |
Analyzing WhatsApp Calls with Wireshark, radare2 and Frida | | | |
Adventures in Video Conferencing Part 1: The Wild World of WebRTC | | | |
Adventures in Video Conferencing Part 2: Fun with FaceTime | | | |
Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp | | | |
Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp | | | |
Adventures in Video Conferencing Part 5: Where Do We Go from Here? | | | |
Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms | | | |
Analyzing two FreeSWITCH vulnerabilities – CVE-2021-41157 & CVE-2021-37624 | | | |
Abusing Microsoft Teams Direct Routing | | | |
Kamailio’s exec module considered harmful | | | |
Awesome Real-time Communications hacking & pentesting resources / Books |
Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition 2nd Edition | | | (published December 20, 2013) |
Hacking VoIP: Protocols, Attacks, and Countermeasures | | | (published March 21, 2008) |
SIP Security | | | (published April 27, 2009) |
|
SIPVicious PRO | | | |
Awesome Real-time Communications hacking & pentesting resources / Vulnerabilities |
RTP bleed | | | |
SIP Digest Leak | | | |
Awesome Real-time Communications hacking & pentesting resources / CTFs and playgrounds |
SIPVicious PRO demo server | | | for testing RTC attacks |
CSAW CTF Qualification Round 2020 / Tasks / WebRTC | | | a CTF that featured a WebRTC related challenge |
|
Awesome Cellular Hacking | 2,905 | 15 days ago | |
Awesome RTC | 359 | over 2 years ago | |
Awesome Telco | 698 | about 1 month ago | |
VoIP Security Resources | | | |