Sandro Gauci

@sandrogauci
mostly harmless
"'><script/src=//x-x.cc>
Enable Security https://infosec.exchange/@enablesecurity

RE: https://infosec.exchange/@enablesecurity/116300709031150946

VoIP/WebRTC security has needed a DVWA equivalent for a long time. We built DVRTC: full dockerized VoIP stack, intentionally vulnerable, 7 guided exercises.

Live instance at pbx1.dvrtc.net — try it now.

https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

#infosec #webrtc #voipsecurity #penetrationtesting #training

RE: https://infosec.exchange/@enablesecurity/116130697375709804

Published the "how to fix it" companion to our TURN security threats post. Best practices guide + coturn config templates at three security levels.

Also discussing TURN security on WebRTC Live today: https://webrtc.ventures/webrtc-live/

https://www.enablesecurity.com/blog/turn-security-best-practices/
https://www.enablesecurity.com/blog/coturn-security-configuration-guide/

#infosec #webrtc #security #TURN #coturn #voip

RE: https://infosec.exchange/@enablesecurity/116057294204565643

Wrote up our RTCon 2025 talk on TURN security threats. TURN servers are basically open proxies with extra steps. At DEF CON someone showed C2 over Zoom's TURN infra.

https://www.enablesecurity.com/blog/turn-server-security-threats/
#infosec #webrtc #security #TURN #penetrationtesting #voip

Monthly reminder that there are those who read what @sandrogauci / @enablesecurity writes, and those who wish they had. #security #rtc #voip
https://www.enablesecurity.com/newsletter/2025-10-rtcsec-news/
October 2025: RTP attacks, Cisco VoIP phones, satellite leaks, and nation-state breaches

October 2025 RTCSec newsletter: RTP Bleed and Inject discussions, critical Cisco VoIP phone vulnerabilities, satellite communication leaks, Ribbon Communications breach, and comprehensive security updates

@fredposner @sandrogauci Thanks for the post! This one covers:

FreePBX troubles and fixes (CVE-2025-57819 + more)
Voice-AI meets toll fraud 📞💸
RTP Bleed clarifications for DTLS-SRTP
TURN security deep-dive
+ Qualcomm & Chrome WebRTC vulns

https://www.enablesecurity.com/newsletter/2025-09-rtcsec-news/

September 2025: more RTP, FreePBX and Voice AI vulnerabilities this time

September 2025 RTCSec newsletter: more RTP, FreePBX and Voice AI vulnerabilities this time

End of the month which means it's time for me to link the @enablesecurity newsletter and say...

"There are those who read what @sandrogauci writes... and those who wish they had."

https://www.enablesecurity.com/newsletter/2025-09-rtcsec-news/


Last time for 2024...

There are those who read what @sandrogauci / @enablesecurity write, and those who wish they had.

https://www.enablesecurity.com/newsletter/2024-12-rtcsec-news/

#voip #webrtc

December 2024: Wrap-Up & Latest VoIP and WebRTC Security News

December 2024 RTCSec newsletter: Year-end review of VoIP & WebRTC security, featuring major breaches, vulnerability reports, and key achievements in RTC security.

November 2024: Breaking VoIP & WebRTC – Exploits, Vulnerabilities, and Shodan Insights

November 2024 RTCSec newsletter: Uncover critical VoIP and WebRTC security insights, including Messenger exploits, vulnerabilities in Cisco phones and video codecs, and Shodan-revealed threats.

Very packed edition this month. As I love to say... you either read what @sandrogauci / Enable Security GmbH writes **or you wish you had**.

https://www.enablesecurity.com/newsletter/2024-10-rtcsec-news/

October 2024: WebRTC app vulnerabilities at DEF CON 32, SIP URI security, VoIP product fixes

October 2024 RTCSec newsletter: 3 years of newsletter, a new white paper about a WebRTC implementation vulnerability, DEF CON 32 talks that mention WebRTC, a fake FBI-run phone company and SIP URI parsing vulnerabilities, various vulnerabilities fixed in Cisco ATA devices, Mitel, VICIDial, and more

@sandrogauci and Enable Security GmbH posted the latest RTC Security Newsletter.

Required reading as far as I'm concerned.

@Kwancro is also featured with his amazing open relay tester.

https://www.rtcsec.com/newsletter/2024-05-rtcsec-news/

#voip #rtc #sip #security

May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities

RTCSec News May 2024: Presenting on DTLS WebRTC DoS and the latest VoIP vulnerabilities