Enable Security @enablesecurity@infosec.exchange
Public

TURN servers are meant to relay WebRTC media. To an attacker, they're just proxies.

We wrote up the threats we've been finding since 2017: relay abuse, DoS amplification, and software vulns.

enablesecurity.com/blog/turn-s

TURN Security Threats: A Hacker's View

TURN servers are powerful proxies abused for internal network access, C2 operations, and DDoS attacks. Threat analysis from years of research and pentesting.

www.enablesecurity.com · Enable Security

0
0
1

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/enablesecurity/statuses/116057294204565643 on your instance and quote it. (Note that quoting is not supported in Mastodon.)

Sandro Gauci @sandrogauci@mastodon.social
Public

RE: infosec.exchange/@enablesecuri

Wrote up our RTCon 2025 talk on TURN security threats. TURN servers are basically open proxies with extra steps. At DEF CON someone showed C2 over Zoom's TURN infra.

enablesecurity.com/blog/turn-s

0
0
0