Something we've wanted to build for a long time. VoIP/WebRTC security practice has needed a DVWA equivalent. DVRTC is our attempt at that.

pbx1.dvrtc.net is live now.

enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/

Published the "how to fix it" guides for TURN server security. Copy-paste coturn configs included. Also talking about this on WebRTC Live today: webrtc.ventures/webrtc-live/

enablesecurity.com/blog/turn-security-best-practices/

Wrote up our RTCon 2025 talk on TURN security threats.

www.enablesecurity.com/blog/turn-se...

TURN Security Threats: A Hacker's View TURN servers are powerful proxies abused for internal network access, C2 operations, and DDoS attacks. Threat analysis from years of research and pentesting.

TURN servers are meant to relay WebRTC media. To an attacker, they're just proxies.

We wrote up the threats we've been finding since 2017: relay abuse, DoS amplification, and software vulns.

www.enablesecurity.com/blog/turn-se...

November 2025: VoIP and WebRTC vulnerability roundup November 2025 RTCSec newsletter: Cisco UCCX critical RCE, FreePBX command injection, Firefox WebRTC use-after-free, Jitsi OAuth hijacking, PJSIP buffer overflow, AudioCodes EOL vulnerabilities, and Mi...

I know those of us in the US have had out minds focused on all things Turkey... but now it's time to remember that there are those that read what @sandrogauci.bsky.social / @enablesecurity.bsky.social writes, and those who wish they had. #security #rtc #voip

www.enablesecurity.com/newsletter/2...

October 2025: RTP attacks, Cisco VoIP phones, satellite leaks, and nation-state breaches October 2025 RTCSec newsletter: RTP Bleed and Inject discussions, critical Cisco VoIP phone vulnerabilities, satellite communication leaks, Ribbon Communications breach, and comprehensive security upd...

Monthly reminder that there are those who read what @sandrogauci.bsky.social / @enablesecurity.bsky.social writes, and those who wish they had. #security #rtc #voip www.enablesecurity.com/newsletter/2...

Thanks @fred.tel ! This one covers:

FreePBX troubles and fixes (CVE-2025-57819 + more)
Voice-AI meets toll fraud 📞💸
RTP Bleed clarifications for DTLS-SRTP
TURN security deep-dive
+ Qualcomm & Chrome WebRTC vulns

September 2025: more RTP, FreePBX and Voice AI vulnerabilities this time September 2025 RTCSec newsletter: more RTP, FreePBX and Voice AI vulnerabilities this time

End of the month which means it's time for me to link the @enablesecurity.bsky.social newsletter and say...

"There are those who read what @sandrogauci.bsky.social writes... and those who wish they had."

www.enablesecurity.com/newsletter/2...

RTCSec Newsletter - a monthly newsletter about VoIP and WebRTC security Curated VoIP and WebRTC security news, research and updates by Enable Security.

The latest newsletter from @enablesecurity.bsky.social is out and as I always say...

There are those who read what @sandrogauci.bsky.social writes, and those who wish they had.

www.enablesecurity.com/newsletter/

(subscribe link right at the top)

#voip #webrtc #sip #security #kamailio

What a great surprise 😀 on the way back $HOME now. See you at the next one!

There are those who listen to @sandrogauci.bsky.social / @enablesecurity.bsky.social and those that wish they had. #kamailioworld

Anyone who should subscribe, its here: www.enablesecurity.com/subscribe/