The June RTCSec newsletter is out. A lot of this month happens to be about TURN, the NAT-traversal protocol behind WebRTC: - DragonForce ransomware is now hiding its command-and-control inside Microsoft Teams TURN relays. Symantec calls it the first publicly documented case of a threat actor abusing TURN infrastructure for C2. On the wire it looks like an ordinary Teams call, so it rides straight through perimeters that safelist Microsoft ranges. - SySS released TURNado, an open-source toolkit for testing and exploiting TURN servers: internal IP disclosure, relaying traffic to internal services, a SOCKS proxy or layer-3 tunnel, and a DoS mode. - coturn shipped new hardening defaults (4.13.1 and 4.14.0, including a native amplification rate limit) plus three more CVEs, including a default loopback bypass. We refreshed our coturn security configuration guide to match. On the SIP side, FRAFOS caught a toll-fraud actor laundering calls through 231 misconfigured Cisco Expressways, and SignalWire shipped a large FreeSWITCH advisory batch led by a pre-auth heap overflow in mod_verto (CVE-2026-49841, CVSS 9.8). We also gave a CommCon 2026 talk introducing conferencing1, the first WebRTC-native scenario for our DVRTC lab. Read it: https://lnkd.in/duWbD9qW #VoIP #WebRTC #InfoSec #CyberSecurity #RTCSec
Enable Security GmbH
Information Technology & Services
Passau, Bavaria 770 followers
Offensive security tools and quality penetration testing to help protect your real-time communications systems.
About us
Enable Security provides offensive security tools and services, including Penetration Testing, to help clients create secure Real-time Communications (RTC) systems. Our clients are able to measure the robustness of their RTC security consistently and observe significant improvement in the robustness of their system. Founded back in 2008 by Sandro Gauci, Enable Security has been providing high quality security testing and penetration testing services covering phone systems, web applications, network infrastructure, wireless and various other attack targets. Enable Security GmbH was incorporated in December 2015, with its head-quarters based in Germany from where it operates as a distributed, remote company. The team at Enable Security takes a creative, manual approach, building their own security tools and taking the course of thinking like an attacker. This gives Enable Security the cutting edge in discovering and reporting vulnerabilities that conventional scanning tools or generic pentesting cannot find. The team behind Enable Security has extensive industry experience and expertise in the field of IT security. It now focuses its efforts in the area that its team is most passionate about: Real-Time Communications (RTC) security, including VoIP and WebRTC infrastructure. Follow our blog at https://www.rtcsec.com
- Website
-
https://www.enablesecurity.com
External link for Enable Security GmbH
- Industry
- Information Technology & Services
- Company size
- 2-10 employees
- Headquarters
- Passau, Bavaria
- Type
- Privately Held
- Founded
- 2008
- Specialties
- Penetration Testing, Security research, VoIP security, WebRTC security, and Security tools
Locations
-
Primary
Get directions
Neuburger Straße 101 B
Passau, Bavaria 94036, DE
Employees at Enable Security GmbH
Updates
-
The May 2026 RTCSec newsletter is out. This month: - SIPConfusion: NDSS 2026 research from Tsinghua University showing how SIP's ambiguities let attackers forge caller ID and spoof SMS across VoIP, VoLTE and RCS. - FreeSWITCH 1.11.0/1.11.1: an unauthenticated SIP PUBLISH denial-of-service (CVE-2026-45771), plus a stack of other media-path fixes. - OpenSIPS security batch: twelve advisories and eight CVEs (three critical), five of the reports came from our team at Enable Security. Also in this edition: coturn and Janus security updates, Cryptex negotiation landing in libWebRTC (RTP header extensions and CSRCs finally getting encrypted), and our Damn Vulnerable RTC talks and workshop from OpenSIPS Summit and Kamailio World. The SIPConfusion work lands close to home. It's not memory corruption, it's different components disagreeing about the same untrusted SIP headers, which is request smuggling but for identities. Read it: https://lnkd.in/dQcDj5fT #VoIP #WebRTC #InfoSec #CyberSecurity #RTCSec
-
Enable Security GmbH reposted this
#OpenSIPSSummit, Day #3 Sandro Gauci @ Enable Security GmbH Securing Damn Vulnerable #RTC #sip #voip #telecom #security #opensource
-
-
Enable Security GmbH reposted this
Later today I will be running a hands-on workshop at OpenSIPS Summit 2026: Securing Damn Vulnerable RTC. DVRTC is an intentionally vulnerable VoIP and RTC lab. For this session we will work with the pbx2 scenario, based on OpenSIPS, FreeSWITCH, rtpproxy, Nginx and SQLite. The format is attack, fix, verify: 1. I show an attack working 2. The room discusses how to fix it 3. We implement the fix live 4. We run the attack again to verify the result 5. We discuss the production trade-offs The exercise menu includes weak SIP credentials, SIP flood and rate limiting, FreeSWITCH Lua SQL injection, RTP Bleed, SIP digest leaks, recording storage abuse, INVITE-based SIP enumeration, and plaintext SIP/RTP. We will complete as many cycles as time allows. The goal is not just to show vulnerable configs, but to discuss realistic remediation choices with people who run and secure RTC systems. The workshop will be streamed on YouTube. If you work with OpenSIPS, FreeSWITCH, SIP, VoIP security, or RTC infrastructure, feel free to join. https://lnkd.in/dZNyFyWA
OpenSIPS Summit 2026 in Bucharest, Day 3
https://www.youtube.com/
-
Enable Security GmbH reposted this
I presented at #OpenSIPSSummit 2026 on extending DVRTC, Damn Vulnerable Real-Time Communications. The talk walked through how we are building intentionally vulnerable RTC environments for hands-on VoIP and WebRTC security testing, with a focus on the new OpenSIPS and FreeSWITCH-based scenarios. The slides cover: - why realistic RTC security labs are useful - how DVRTC is structured - the OpenSIPS and FreeSWITCH additions - example attack paths and demo scenarios - ideas for extending DVRTC further If you work with SIP, OpenSIPS, FreeSWITCH, VoIP security, or RTC infrastructure, I would love to hear what vulnerable scenarios you would like to see added next.
-
Enable Security GmbH reposted this
#OpenSIPSSummit 2026, Day 1 Sandro Gauci @ Enable Security GmbH talking about #Vulnerable Real-Time #Communications #sip #voip #rtc #telecom #opensource
-
-
April RTCSec newsletter is out. AI-assisted vulnerability research dominated this month. Mozilla announced 271 Firefox vulnerabilities found using Claude Mythos Preview (including WebRTC fixes), and Calif.io explicitly credits Claude in 8 of the 22 CVEs fixed in wolfSSL 5.9.1. The wolfSSL release includes a DTLS 1.3 heap overflow and a CVSS 9.3 certificate forgery that affects SIP/TLS and WSS deployments. On the infrastructure side: - Kamailio patched a core TCP crash (CVE-2026-39863) that affects most production deployments - PJSIP 2.17 brings the advisory count to 13 across two months, including a GnuTLS cert verification bypass - coturn 4.10.0 fixes more than the advisory suggests, with unreported OAuth and message framing issues - Three Linux kernel netfilter SIP/H.323 helper CVEs landed, reinforcing the "don't use SIP ALG" advice I'll be presenting DVRTC at OpenSIPS Summit (Bucharest, Apr 28), Kamailio World (Berlin, May 8), and CommCon (Dusseldorf, June 9-11). Three conferences, three different attack scenarios. Come say hi if you're around. Read the full newsletter: https://lnkd.in/d-b4D53z #VoIP #WebRTC #InfoSec #CyberSecurity #RTCSec
-
DVRTC now has a second vulnerable scenario. For those new to it: DVRTC (Damn Vulnerable Real-Time Communications) is our intentionally vulnerable VoIP and WebRTC lab for hands-on security training, similar in spirit to DVWA but for SIP, RTP, and TURN instead of web apps. We just released DVRTC v0.2.0, which adds pbx2, a new lab built around OpenSIPS, FreeSWITCH, and rtpproxy. It sits alongside the existing pbx1 scenario (Kamailio, Asterisk, rtpengine, coturn), so DVRTC now covers two different VoIP stacks you can practice security testing against. pbx2 comes with its own architecture, docs, and 10 exercises covering: - INVITE-based SIP enumeration - Traffic analysis and packet capture - Online and offline credential cracking - SIP digest leak - RTP bleed and RTP flood - SIP flood - FreeSWITCH Lua SQL injection (manual and sqlmap-automated) The SQL injection path is particularly interesting, since the injection point is the called SIP URI itself. We'll have a dedicated post and video demo on that soon. Live instance at pbx2.dvrtc.net, or run your own with Docker. https://lnkd.in/db2327hE GitHub: https://lnkd.in/dZM-6GVF #voipsecurity #sipsecurity #infosec #penetrationtesting #opensips #freeswitch #training
-
Back in 2020, Pinaki Mondal wrote a SIPVicious OSS tutorial using our old demo server at demo.sipvicious.pro. That server is decommissioned, so I wrote an updated version using DVRTC and the latest SIPVicious OSS (v0.3.7). It's a beginner-friendly walkthrough: scanning with svmap, enumerating extensions with svwar, cracking passwords with svcrack. Everything runs against pbx1.dvrtc.net, so you can follow along without setting up anything. If you're getting into VoIP security testing or want to show someone where to start, this might be useful. https://lnkd.in/dncx7qBj
Want to get started with VoIP security testing? We published a hands-on tutorial using SIPVicious OSS against our DVRTC vulnerable lab at pbx1.dvrtc.net. The tutorial covers the basics: - Scanning and identifying SIP devices with svmap - Enumerating valid extensions with svwar - Cracking weak SIP passwords with svcrack All commands are tested against the live DVRTC instance, so you can follow along. DVRTC also has 7 exercises covering RTP bleed, TURN abuse, digest leak, and more if you want to go deeper. https://lnkd.in/dncx7qBj SIPVicious OSS: https://lnkd.in/dTRPc8iD DVRTC: https://lnkd.in/dZM-6GVF #voipsecurity #sipsecurity #infosec #penetrationtesting #sipvicious #training
-
Want to get started with VoIP security testing? We published a hands-on tutorial using SIPVicious OSS against our DVRTC vulnerable lab at pbx1.dvrtc.net. The tutorial covers the basics: - Scanning and identifying SIP devices with svmap - Enumerating valid extensions with svwar - Cracking weak SIP passwords with svcrack All commands are tested against the live DVRTC instance, so you can follow along. DVRTC also has 7 exercises covering RTP bleed, TURN abuse, digest leak, and more if you want to go deeper. https://lnkd.in/dncx7qBj SIPVicious OSS: https://lnkd.in/dTRPc8iD DVRTC: https://lnkd.in/dZM-6GVF #voipsecurity #sipsecurity #infosec #penetrationtesting #sipvicious #training