Sandro Gauci21h ago

RE: https://infosec.exchange/@enablesecurity/116300709031150946

VoIP/WebRTC security has needed a DVWA equivalent for a long time. We built DVRTC: full dockerized VoIP stack, intentionally vulnerable, 7 guided exercises.

Live instance at pbx1.dvrtc.net — try it now.

https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

#infosec #webrtc #voipsecurity #penetrationtesting #training

Enable Security21h ago

Web application security has DVWA and WebGoat. VoIP and WebRTC security hasn't had anything like it ... until now.

We built DVRTC (Damn Vulnerable Real-Time Communications): a hands-on lab for learning VoIP/WebRTC attack techniques. Full dockerized stack with Kamailio, Asterisk, rtpengine, and coturn — each configured to exhibit specific vulnerable behaviors.

7 exercises covering SIP extension enumeration, RTP bleed, SIP digest leaks, credential cracking (online and offline), TURN relay abuse, and traffic analysis. There's a live instance at pbx1.dvrtc.net you can test against right now.

https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

GitHub: https://github.com/EnableSecurity/DVRTC/

#infosec #webrtc #voipsecurity #sipsecurity #penetrationtesting #training #TURN

Introducing DVRTC: a vulnerable lab for RTC security

DVRTC is a vulnerable VoIP and WebRTC lab for hands-on security training, with exercises covering SIP enumeration, RTP attacks, TURN abuse, and more.

Enable Security
TechNaduFeb 23

CVE-2026-2329 — Critical VoIP RCE
Affects: Grandstream GXP1600
Type: Stack-based buffer overflow
Impact: Unauthenticated RCE (root)

Attack Path:
• Extract SIP credentials
• Modify SIP proxy settings
• Transparent call interception

Operational risk:
• SMB exposure
• Flat networks
• Insufficient VoIP monitoring

Patch available: Firmware 1.0.7.81.
Community question:
Are you incorporating VoIP firmware into vulnerability scanning pipelines?

Do you log and monitor SIP configuration changes?

Source: https://www.securityweek.com/critical-grandstream-phone-vulnerability-exposes-calls-to-interception/

Engage below and follow TechNadu for detailed CVE intelligence and technical breakdowns.

#ThreatIntel #VoIPSecurity #CVE20262329 #RCE #VulnerabilityManagement #NetworkDefense #Infosec #CyberRisk

paytiaAug 12, 2025

📞 3CX users: Transform your phone system into a secure payment platform.

Our 3CX integration includes:

• Seamless setup process
• Agent User Interface
• Real-time payment processing
• Advanced reporting tools
• SIP connectivity
• Network level call recording

Step-by-step setup guide included. Start processing secure payments today."

👉 Click for more information: https://zurl.co/ejicb

#Paytia #3CXIntegration #PhonePayments #VoIPSecurity #TelephonyIntegration

EfaniDec 11, 2023

Enhance the security of your Voice over Internet Protocol (VoIP) systems with these best practices👇

#VoIPSecurity #CyberSecurity #BestPractices