Sandro Gauci

@sandrogauci

Offensive VoIP/WebRTC security; mostly harmless
enablesecurity.com/blog Chief Mischief Officer @enablesecurity http://savvycal.com/sandrogauci/pub

34 Followers, 8 Following, 4 Posts, Joined 20.11.2024

Latest posts by Sandro Gauci @sandrogauci

Published the "how to fix it" guides for TURN server security. Copy-paste coturn configs included. Also talking about this on WebRTC Live today: webrtc.ventures/webrtc-live/

enablesecurity.com/blog/turn-security-best-practices/

25.02.2026 10:04 👍 2 🔁 2 💬 0 📌 0

Wrote up our RTCon 2025 talk on TURN security threats.

www.enablesecurity.com/blog/turn-se...

12.02.2026 10:53 👍 2 🔁 2 💬 0 📌 0

TURN Security Threats: A Hacker's View
TURN servers are powerful proxies abused for internal network access, C2 operations, and DDoS attacks. Threat analysis from years of research and pentesting.

TURN servers are meant to relay WebRTC media. To an attacker, they're just proxies.

We wrote up the threats we've been finding since 2017: relay abuse, DoS amplification, and software vulns.

www.enablesecurity.com/blog/turn-se...

12.02.2026 10:52 👍 2 🔁 3 💬 0 📌 1

November 2025: VoIP and WebRTC vulnerability roundup
November 2025 RTCSec newsletter: Cisco UCCX critical RCE, FreePBX command injection, Firefox WebRTC use-after-free, Jitsi OAuth hijacking, PJSIP buffer overflow, AudioCodes EOL vulnerabilities, and Mi...

I know those of us in the US have had our minds focused on all things Turkey... but now it's time to remember that there are those that read what @sandrogauci.bsky.social / @enablesecurity.bsky.social writes, and those who wish they had. #security #rtc #voip

www.enablesecurity.com/newsletter/2...

30.11.2025 20:02 👍 2 🔁 1 💬 0 📌 0

October 2025: RTP attacks, Cisco VoIP phones, satellite leaks, and nation-state breaches
October 2025 RTCSec newsletter: RTP Bleed and Inject discussions, critical Cisco VoIP phone vulnerabilities, satellite communication leaks, Ribbon Communications breach, and comprehensive security upd...

Monthly reminder that there are those who read what @sandrogauci.bsky.social / @enablesecurity.bsky.social writes, and those who wish they had. #security #rtc #voip www.enablesecurity.com/newsletter/2...

31.10.2025 14:26 👍 1 🔁 1 💬 0 📌 0

Thanks @fred.tel ! This one covers:

FreePBX troubles and fixes (CVE-2025-57819 + more)
Voice-AI meets toll fraud 📞💸
RTP Bleed clarifications for DTLS-SRTP
TURN security deep-dive
+ Qualcomm & Chrome WebRTC vulns

01.10.2025 08:42 👍 2 🔁 2 💬 0 📌 0

September 2025: more RTP, FreePBX and Voice AI vulnerabilities this time
September 2025 RTCSec newsletter: more RTP, FreePBX and Voice AI vulnerabilities this time

End of the month which means it's time for me to link the @enablesecurity.bsky.social newsletter and say...

"There are those who read what @sandrogauci.bsky.social writes... and those who wish they had."

www.enablesecurity.com/newsletter/2...

30.09.2025 19:04 👍 2 🔁 1 💬 0 📌 1

RTCSec Newsletter - a monthly newsletter about VoIP and WebRTC security
Curated VoIP and WebRTC security news, research and updates by Enable Security.

The latest newsletter from @enablesecurity.bsky.social is out and as I always say...

There are those who read what @sandrogauci.bsky.social writes, and those who wish they had.

www.enablesecurity.com/newsletter/

(subscribe link right at the top)

#voip #webrtc #sip #security #kamailio

29.05.2025 17:26 👍 4 🔁 2 💬 0 📌 0

What a great surprise 😀 on the way back $HOME now. See you at the next one!

14.05.2025 11:00 👍 1 🔁 0 💬 0 📌 0

There are those who listen to @sandrogauci.bsky.social / @enablesecurity.bsky.social and those that wish they had. #kamailioworld

12.05.2025 16:40 👍 1 🔁 1 💬 0 📌 0

Anyone who should subscribe, it's here: www.enablesecurity.com/subscribe/

30.04.2025 16:42 👍 0 🔁 0 💬 0 📌 0