vandorb125h ago
Enable Security

Web application security has DVWA and WebGoat. VoIP and WebRTC security hasn't had anything like it ... until now.

We built DVRTC (Damn Vulnerable Real-Time Communications): a hands-on lab for learning VoIP/WebRTC attack techniques. Full dockerized stack with Kamailio, Asterisk, rtpengine, and coturn — each configured to exhibit specific vulnerable behaviors.

7 exercises covering SIP extension enumeration, RTP bleed, SIP digest leaks, credential cracking (online and offline), TURN relay abuse, and traffic analysis. There's a live instance at pbx1.dvrtc.net you can test against right now.

https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

GitHub: https://github.com/EnableSecurity/DVRTC/

#infosec #webrtc #voipsecurity #sipsecurity #penetrationtesting #training #TURN

Introducing DVRTC: a vulnerable lab for RTC security

DVRTC is a vulnerable VoIP and WebRTC lab for hands-on security training, with exercises covering SIP enumeration, RTP attacks, TURN abuse, and more.

Enable Security
Mar 27 at 10:39amWeb