Tags › Voip Security
Why volumetric DDoS cripples VoIP providers and what we see during pentesting
Published on Oct 13, 2021 in denial of service, voip security
An epiphany
Until a few days ago, I was of the opinion that simulating volumetric DDoS attacks is not something we should be doing. If you had asked us for such a test, we would have given you a negative answer.
Ironically, we had been unwittingly simulating volumetric DDoS attacks while quietly ignoring our own results. But it’s time to stop neglecting bandwidth saturation and start giving it the attention that it deserves.
…
Massive DDoS attacks on VoIP Providers and simulated DDoS testing
Published on Sep 24, 2021 in denial of service, voip security
VoIP.ms and other VoIP providers under DDoS attack
At the time of writing, a major VoIP provider called VoIP.ms has been under a distributed denial of service (DDoS) attack for over a week. As a result, they are unable to serve their customers, with everyone and their dog complaining that they cannot connect to VoIP.ms’s SIP servers as well as other resources. At the same time, someone claiming to be part of the REvil ransomware group is blackmailing the provider.
…
Abusing SIP for Cross-Site Scripting? Most definitely!
Published on Jun 10, 2021 in sip security, voip security, application security
SIP can be used as an attack vector for cross-site scripting (XSS), potentially leading to unauthenticated remote compromise of critical systems. This writeup explores how persistent backdoor administrative access was obtained by sending malicious SIP messages to VoIPmonitor GUI.…
Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution
Published on Mar 16, 2021 in fuzzing, sip security, sip security testing, research, sipvicious pro, voip security, gasoline
Executive summary (TL;DR)
We fuzzed VoIPmonitor by using SIPVicious PRO and got a crash in the software’s live sniffer feature when it is switched on. We identified the cause of the crash by looking at the source code, which was a classic buffer overflow. Then we realized that it was fully exploitable since the binaries distributed do not have any memory corruption protection. So we wrote exploit code using ROP gadgets to get remote code execution by just sending a SIP packet. We also reported this upstream so that it was fixed in the official distribution.
…
RTC Security chat at Kamailio World Online with Daniel and Olle
Published on Oct 5, 2020 in conferences, kamailio, voip security, webrtc security, sip security testing
It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio and can be found at ASIPTO, while Olle is behind Edvina.net.
If you don’t have time to watch the entire conversation, the following is my summary of this discussion:
…
Kamailio World Online SIP and VoIP Security Panel
Published on Aug 27, 2020 in sip security, conferences, webrtc security, voip security, kamailio
On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World YouTube channel!
My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:
…