P1 Training Description TS-201 v1.0 jbt
© 2017 P1 Security. All rights reserved.
Training Description
TS-201 Telecom Security hands-on course with lab testing
Description of training
This training provides in-depth knowledge of telecom security problems and their roots in telecom systems, focused on SIGTRAN, SS7, GPRS and GRX technologies, as well as attacks against telecom network elements, and the architecture and design of various 3GPP releases.
Duration
Unique version: 3 days.
Attendees will receive
• Training material: copy of the presenter's slides;
• Virtual Machine with hands-on exercises and SIGTRAN/SS7 tools;
• Scripts developed during training for attacking various aspects of telecom systems.
Prerequisites for training
• Basic knowledge of telecom & network principles:
  o What is 2G, 3G, 4G;
  o OSI network layers;
  o Basic knowledge of telecom technologies;
  o Basic knowledge of Linux.
• Laptop with Linux installed either in VM or native, Kali or Ubuntu with reverse engineering and hacking tools recommended;
• Good knowledge and usage of Wireshark;
• Good IT security background.
Covered in this training
This is a practical SS7 and telecom security training. It aims at understanding the theory and practice of attacks on and protections of telecom signalling networks, in the context of security and fraud.
This training enables engineers who already have established knowledge, in either telecom or IT security, to understand and evaluate security problems within an SS7 and telecom-signalling environment.
• SS7 Security:
  o SS7 basics and possibilities;
  o SS7 protocols description;
  o Telecom signalling networks architectures;
  o SS7 external access SS7 Map review;
  o SS7 low level protocols analysis;
  o Low level SS7 packets analysis, sniffing and network tracing (hands-on);
  o Signalling attacks;
  o SS7 and SIGTRAN audit methodology;
  o Low level peering (M3UA and SCCP);
  o SCTPscan usage and attack scenarios in core network settings;
  o Scanning SS7 networks - from MTP to SCTP and upper SS7;
  o SCTP Netcat (tool exploration);
  o SS7 upper level protocols (User Adaptation layers);
  o Network elements and their functions, HLR, VLR, STP, SCP, BTS, GGSN, SGSN, MSC, 3G alternatives.
• Telecom signalling vulnerabilities:
  o Network elements underlying technologies;
  o Identifying signalling and core network equipment: proprietary OS, Windows-based, Linux-based;
  o GPRS signalling technologies (GTP-C, GTP-U and GTP prime) and known vulnerabilities;
  o Attacking GPRS and GTP-scanning (hands-on);
  o Attack scenarios and case studies from GRX and SCCP providers;
  o Attacking O&M (OAM & Management) infrastructures (hands-on);
  o SS7 signalling equipment vulnerabilities;
  o Huawei debug backdoor aka pseudo message (case study);
  o Crafting SS7 packets (MSU) by hand (hands-on);
  o Context and network layers;
  o Spoofing SS7 (hands-on);
  o Network element vulnerability research: discovering zero days in SS7 equipment;
  o Industrialization of vulnerability scanning in SS7 & SIGTRAN context;
  o Radius protocol, usage and hands-on attacks.
• Higher level applications:
  o SMS fraud and abuses;
  o Fraud management systems (FMS) and FRA;
  o Lawful Interception (LI) systems;
  o Limits of CDR based fraud detection and security;
  o Mobile Application Part (MAP) message analysis and attack traffic;
  o GSMA MAP screening recommendations (Cat1, Cat2, Cat3, Cat3+ and CatSMS);
  o Examination of SS7 attack scenarios from national and international perimeters.
• Mobile devices:
  o Subscriber Identity Module;
  o GSM Authentication A3/A5/A8;
  o GSM Attach procedures (IMSI and GPRS);
  o Machine to Machine (M2M) (Femtocell case study);
  o Practical SIM fraud (case study).