Tags Demo Server

DVRTC v0.2.0: pbx2 and SIP SQL injection

DVRTC v0.2.0 expands the lab with pbx2, a new OpenSIPS, FreeSWITCH, and rtpproxy scenario. It also adds a fun SIP-driven Lua SQL injection exercise, along with new docs, workflows, and attack paths to try.…

SIPVicious tutorial: testing VoIP security with DVRTC

A hands-on tutorial showing how to use SIPVicious OSS to scan, enumerate, and crack SIP credentials on our DVRTC vulnerable lab at pbx1.dvrtc.net. This is an updated version of our 2020 tutorial that used the now-retired demo.sipvicious.pro server.…

Introducing DVRTC: a vulnerable lab for RTC security

We’re releasing DVRTC (Damn Vulnerable Real-Time Communications), an intentionally vulnerable VoIP/WebRTC lab environment for security training and research. It comes with 7 hands-on exercises covering 12 attack paths, a live deployment at pbx1.dvrtc.net, and everything you need to start practicing RTC security testing.…

Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms

Executive summary (TL;DR)

Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE!

How I got social engineered into looking at CVE-2022-0778

A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?”

He explained how in the context of WebRTC it would be a bit difficult, since you need to get signaling right, then ICE (that dance with STUN and other funny things), and only then do you get to do your DTLS scans. He added that he hopes that these difficulties raise the bar for exploiting the latest OpenSSL CVE.

TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server

TADSummit is a great event where people from different backgrounds who are somehow involved in communications contribute in various ways. I, personally, always look forward to seeing what’s coming up in the next TADSummit event. At the moment, TADSummit Asia presentations are being released on a daily basis on the main site. And last week, the presentation that I prepared was published!

In the previous TADSummit, I had presented on why we need to bring an offensive approach to RTC security. In this one, I introduce our contributions to the space, i.e. SIPVicious OSS, SIPVicious PRO and the demo server.
