Core Network Security
Gain knowledge on the risks and opportunities associated with intruding telecom core networks.
In this course, participants will acquire the fundamentals of core networks to identify weaknesses during an internal penetration test or a red team attack from outside. The class is also suitable for operators looking to develop internal security measures by understanding attackers' techniques.
Day 1
This day will introduce the mobile network and its evolution, compare the security features of 2G, 3G, 4G, and 5G, and delve into 2G-3G core network security and practical attacks using provided virtual machines. Participants will then proceed to explore 4G core network and attacks on DIAMETER.
Topics Covered
- Introduction to mobile networks (2G/3G/4G/5G)
- Interfaces and protocols
- Channels
- Evolution
- Interconnections between providers
- Vectors of attacks inside and outside
- SS7 / SIGTRAN attacks and possibilities
- Current tools
- Security mechanisms
- 3G network pentesting and similarity with 2G
- Interesting components in 3G
- DIAMETER security
- Tools to assess DIAMETER
Assignments
- SS7 / SIGTRAN scanning
- Identifying interesting assets
- Retrieving information and secrets of subscribers
- Retrieving locations
- Identifying external nodes (passively and actively) and attacking a node from outside
- Playing with DIAMETER
Day 2
This day will focus on new infrastructures that we tend to see today and in the near future, such as Next-Generation Core Networks used in 5G. Participants will learn about the changes and new skills required to intrude a network using the used interfaces and explore opportunities that arise.
Topics Covered
- 5G NSA and SA
- New security mechanisms
- Attacking NGC functions
- Intruding the network from outside
- The tools developed
- Introduction to OpenRAN
Assignments
- Continuing 4G core network content
- Exploiting an identity theft attack
- Exploiting an SMS theft attack
- Tracking the location of a subscriber
- Finding new opportunities and attacking the UPF
- Identifying and attacking VNFs (leaks, exploitation, etc.)
- Hijacking a network
- Bonus: Introduction to OpenRAN and attacking OpenRAN (depending on time)
By the end of the course, participants will have a comprehensive understanding of core network and telecom hacking and will be equipped with the necessary skills to defend against such attacks.
Sébastien is a security researcher focusing on flaws in radio-communication systems. He has published attacks against mobile device baseband, Power-Line devices, as well as intercom systems.