Practical Core network, Telecom Hacking

Day 1

Day 1 will introduce the mobile network and its evolution and compare the security features of 2G, 3G, 4G, and 5G. During this day, attendees will start going in depth on 2G core network security, and practical attacks with provided Virtual Machines.

Theory

• Introduction to mobile networks (2G/3G/4G/5G)
• Interfaces and protocols
• Channels
• Evolution
• Interconnections between providers
• Vectors of attacks inside and outside
• SS7 / SIGTRAN attacks and possibilities
• Current tools
• Security mechanisms

Assignment 1

• SS7 / SIGTRAN scanning
• Identifying interesting assets

Assignment 2

• Retrieving informations and secrets of subscribers

Assignment 3

• Retrieving locations
• Looking forward with further attacks

Assignment 4

• Retrieving information from the outside

Day 2

Days 2 will finish the 2G part and start talking about 3G core network and their similarities. After that, we will be able to proceed on 4G core network and attacks on DIAMETER.

Theory

• 3G network pentesting and similarity with 2G
• Interesting components in 3G
• DIAMETER security
• Tools to assess DIAMETER

Assignment 1

• Identifying external nodes (passively and actively)
• Attacking a node from the outside

Assignment 2

• Scanning for DIAMETER components
• Identifying interesting assets

Assignment 3

• Exploiting an identity theft attack

Assignment 4

• Exploiting an SMS theft attack

Assignment 5

• Intercepting traffic

Assignment 6

• Tracking the location of a subscriber

Assignment 7

• Going further with DoS, information gathering, etc.

Day 3

This final day will allow to go further and focus on new infrastructures we tend to see today and in the near future. We will talk and practice around Next-Generation Core Networks used in 5G, and see the changes and new skills that are required with the used interfaces when intruding a network. We will also see opportunities when it comes

Theory

• 5G NSA and SA
• New security mechanisms
• Attacking NGC functions
• Intruding the network from the outside
• The tools we have developed
• (Bonus) OpenRAN

Assignment 1

• Finish 4G attacks
• Intruding a 5G NSA network

Assignment 2

• Finding new opportunies
• Attacking the UPF

Assignment 3

• Identifying
• Attacking VNFs (leaks, exploitation, etc.)

Assignment 4

• Hijacking a network

Assignment 5: Bonus on RAN part

• Introduction to OpeRAN
• Attacking OpenRAN (depending on the time)

The content of private trainings can be arranged depending on your needs. We also provide additional content as follows:

• Practical 2G-5G security radio communication testing
• OpenRAN pentesting
• etc.

• Knowledge of administrating a Linux operating system is required
• Understanding of pentesting (network and applications) or Red teaming is also a plus
• All attendees must have a laptop running Linux, with 8GB of RAM min.
• Basic knowledge of radio in network security is a plus.