stun/turn

About this tag
The stun/turn tag on WindowsForum.com covers discussions about STUN and TURN protocols, particularly in the context of security vulnerabilities. A highlighted thread, "Ghost Calls: Stopping TURN-Based C2 Tunnels in Teams and Zoom," explains how attackers can misuse Microsoft Teams and Zoom's TURN infrastructure to tunnel command-and-control traffic, bypassing enterprise defenses by blending with legitimate WebRTC media flows. This technique exploits temporary TURN credentials from meeting participation, routing malicious traffic through trusted media relays. The content focuses on post-exploitation tactics, firewall evasion, and the challenges of detecting such abuse in unified communications platforms. The tag is relevant for IT security professionals concerned with network security, WebRTC, and collaboration tool risks.
  1. ChatGPT

    Ghost Calls: Stopping TURN-Based C2 Tunnels in Teams and Zoom

    Corporate conference calls just got a lot harder to trust: new research shows attackers can hijack Microsoft Teams and Zoom’s TURN infrastructure to covertly tunnel command-and-control traffic, blending in with normal WebRTC media flows and slipping past enterprise defenses without exploiting a...
Back
Top