Practical Core network, Telecom Hacking

Why choosing this course?

Learn about risks and opportunities to intrude core networks

In this class, attendees will get good basics of core network fundamentals in order to understand the weaknesses that could be found during an internal penetration test, or to open doors during a red team attack from the outside. This class is also applicable to operators who need to develop mesures internally by understanding attackers techniques.

Contact us to request a quote! Look at the pricing

About the training

In this class, students will learn how to hunt for common vulnerabilities in core networks by studying different aspects:

  • Learn the difference between 2G, 3G, 4G, and 5G infrastructures
  • Understand the different security mechanisms
  • Exposed services
  • The different protocoles and interfaces
  • Hunting for common internal and external vulnerabilities
  • Steal secrets and informations of subscribers
  • Privoting internally
  • Security measures

Day 1

Day 1 will introduce the mobile network and its evolution and compare the security features of 2G, 3G, 4G, and 5G. During this day, attendees will start going in depth on 2G core network security, and practical attacks with provided Virtual Machines.


  • Introduction to mobile networks (2G/3G/4G/5G)
  • Interfaces and protocols
  • Channels
  • Evolution
  • Interconnections between providers
  • Vectors of attacks inside and outside
  • SS7 / SIGTRAN attacks and possibilities
  • Current tools
  • Security mechanisms

Assignment 1

  • SS7 / SIGTRAN scanning
  • Identifying interesting assets

Assignment 2

  • Retrieving informations and secrets of subscribers

Assignment 3

  • Retrieving locations
  • Looking forward with further attacks

Assignment 4

  • Retrieving information from the outside

Day 2

Days 2 will finish the 2G part and start talking about 3G core network and their similarities. After that, we will be able to proceed on 4G core network and attacks on DIAMETER.


  • 3G network pentesting and similarity with 2G
  • Interesting components in 3G
  • DIAMETER security
  • Tools to assess DIAMETER

Assignment 1

  • Identifying external nodes (passively and actively)
  • Attacking a node from the outside

Assignment 2

  • Scanning for DIAMETER components
  • Identifying interesting assets

Assignment 3

  • Exploiting an identity theft attack

Assignment 4

  • Exploiting an SMS theft attack

Assignment 5

  • Intercepting traffic

Assignment 6

  • Tracking the location of a subscriber

Assignment 7

  • Going further with DoS, information gathering, etc.

Day 3

This final day will allow to go further and focus on new infrastructures we tend to see today and in the near future. We will talk and practice around Next-Generation Core Networks used in 5G, and see the changes and new skills that are required with the used interfaces when intruding a network. We will also see opportunities when it comes


  • 5G NSA and SA
  • New security mechanisms
  • Attacking NGC functions
  • Intruding the network from the outside
  • The tools we have developed
  • (Bonus) OpenRAN

Assignment 1

  • Finish 4G attacks
  • Intruding a 5G NSA network

Assignment 2

  • Finding new opportunies
  • Attacking the UPF

Assignment 3

  • Identifying
  • Attacking VNFs (leaks, exploitation, etc.)

Assignment 4

  • Hijacking a network

Assignment 5: Bonus on RAN part

  • Introduction to OpeRAN
  • Attacking OpenRAN (depending on the time)

The content of private trainings can be arranged depending on your needs. We also provide additional content as follows:

  • Practical 2G-5G security radio communication testing
  • OpenRAN pentesting
  • etc.
  • Knowledge of administrating a Linux operating system is required
  • Understanding of pentesting (network and applications) or Red teaming
  • All attendees will need to bring a laptop running Linux, and with capacity of 8GB of RAM min.
  • Basic knowledge of radio in network security is a plus.
Events hosting our courses

Pricing (prices exclude 20% VAT in France)

Remote Single person
2 850€ for one person

3-day remote live training, including slides, Docker container, a VM, scripts/tools.

Contact us!
Remote Private group
2 400€ /attendee
+ possible discount

3-day remote live training, including slides, Docker container, a VM, scripts/tools.

An extra discount can be negotiated depending on the number of attendees.

Contact us!
Tailored content

Content can be fully tailored depending on your needs.

Contact us for more information!

Subscribe to our mailing list

New content, events, products, services, and more!

* indicates required