Tags › denial of service
Massive DDoS attacks on VoIP Providers and simulated DDoS testing
Published on Sep 24, 2021 in denial of service, voip security
VoIP.ms and other VoIP providers under DDoS attack At the time of writing, a major VoIP provider called VoIP.ms is under a distributed denial of service (DDoS) attack since over a week. As a result, they are unable to serve their customers with everyone and their dog complaining that they cannot connect to VoIP.ms’s SIP servers as well as other resources. At the same time, someone claiming to be part of the REvil ransomware group is blackmailing the provider.…
DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO
Published on May 25, 2021 in sip security, sipvicious pro, sip security testing, fuzzing, denial of service, training, devops
We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.…
TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server
Published on May 18, 2021 in sip security, sipvicious pro, sip security testing, demo server, sipvicious oss, fuzzing, denial of service, training, devops
TADSummit is a great event where people from different backgrounds that are somehow involved in communications, contribute in various ways. I, personally, always look forward to see what’s coming up in the next TADSummit event. At the moment, TADSummit Asia presentations are currently being released on a daily basis on the main site. And last week, the presentation that I prepared was published! In the previous TADSummit, I had presented about why we need to bring an offensive approach to RTC security.…
How doing QA testing for SIPVicious PRO led to an Asterisk DoS
Published on Nov 10, 2020 in fuzzing, sip security, sipvicious pro, sip security testing, denial of service
Executive summary (TL;DR) While heavily testing SIPVicious PRO for bugs, we encountered an unexpected crash in Asterisk. We reported this to the Asterisk team, who recently issued a fix. If you’re a vendor, you too can beta test SIPVicious PRO! How the Asterisk crash was found We test our software as much as we can because, like any other software, ours contains bugs too! When it comes to SIPVicious PRO, one of our quality assurance tests is to run it against instances of Asterisk and Kamailio and check for expected results.…