©2017P1Security.Allrightsreserved.

²

TrainingDescription

TS-201TelecomSecurityhands-oncoursewithlabtesting

©2017P1Security.Allrightsreserved.

TS-201TelecomSecurityhands-oncoursewithlabtesting

Descriptionoftraining

Thistrainingprovidesanin-depthknowledgeoftelecomsecurityproblemsandtheirrootsinthetelecomsystemsfocusedonSIGNTRAN,SS7,GPRSandGRXtechnologiesaswellasattacksagainsttelecomnetworkelements,architectureanddesignofvarious3GPPreleases.Duration

Uniqueversion:3days.

Attendeeswillreceive

• Trainingmaterial:copyofthepresenter’sslides;• VirtualMachinewithhands-onexercisesandSIGTRAN/SS7tools;• Scriptsdevelopedduringtrainingforattackingvariousaspectsoftelecomsystems.

Prerequisitesfortraining

• Basicknowledgeoftelecom&networkprinciples:o Whatis2G,3G,4G;o OSInetworklayers;o Basicknowledgeoftelecomtechnologies;o Basicknowledgeoflinux.

• LaptopwithLinuxinstalledeitherinVMornative,KaliorUbuntuwithreverseengineeringandhackingtoolsrecommended;

• GoodknowledgeandusageofWireshark;• GoodITsecuritybackground.

Coveredinthistraining

ThisisapracticalSS7andtelecomsecuritytraining.Itaimsatunderstandingthetheoryandpracticeofattacksandprotectionsoftelecomsignallingnetworks,inthecontextofsecurityandfraud.

Thistrainingprovidesengineerswhoalreadyhaveanestablishedknowledge,eitherintelecomorITsecurity,tounderstandandevaluatesecurityproblemswithinanSS7andtelecom-signalingenvironment.

• SS7Security:o SS7basicsandpossibilities;o SS7protocolsdescription;o Telecomsignallingnetworksarchitectures;o SS7externalaccessSS7Mapreview;o SS7lowlevelprotocolsanalysis;o LowlevelSS7packetsanalysis,sniffingandnetworktracing(hands-on);

©2017P1Security.Allrightsreserved.

o Signallingattacks;o SS7andSIGTRANauditmethodology;o Lowlevelpeering(M3UAandSCCP);o SCTPscanusageandattackscenariosincorenetworksettings;o ScanningSS7networks-fromMTPtoSCTPandupperSS7;o SCTPNetcat(toolexploration);o SS7upperlevelprotocols(UserAdaptationlayers);o Networkelementsandtheirfunctions,HLR,VLR,STP,SCP,BTS,GGSN,SGSN,MSC,

3Galternatives.

• Telecomsignallingvulnerabilities:o Networkelementsunderlyingtechnologies;o Identifyingsignallingandcorenetworkequipment:proprietaryOS,Windows-based,

Linux-based;o GPRSsignallingtechnologies(GTP-C,GTP-UandGTPprime)andknown

vulnerabilities;o AttackingGPRSandGTP-scanning(hands-on);o AttackscenariosandcasestudiesfromGRXandSCCPproviders;o AttackingO&M(OAM&Management)infrastructures(hands-on);o SS7signallingequipmentvulnerabilities;o Huaweidebugbackdoorakapseudomessage(casestudy);o CraftingSS7packets(MSU)byhand(hands-on);o Contextandnetworklayers;o SpoofingSS7(hands-on);o Networkelementvulnerabilityresearch:discoveringzerodaysinSS7equipment;o IndustrializationofvulnerabilityscanninginSS7&SIGTRANcontext;o Radiusprotocol,usageandhands-onattacks.

• Higherlevelapplications:

o SMSfraudandabuses;o Fraudmanagementsystems(FMS)andFRA;o LawfulInterception(LI)systems;o LimitsofCDRbasedfrauddetectionandsecurity;o MobileApplicationPart(MAP)messageanalysisandattacktraffic;o GSMAMAPscreeningrecommendations(Cat1,Cat2,Cat3,Cat3+andCatSMS);o ExaminationofSS7attackscenariosfromnationalandInternationalperimeters.

• Mobiledevices:

o SubscriberIdentityModule;o GSMAuthenticationA3//A5/A8;o GSMAttachprocedures(IMSIandGPRS);o MachinetoMachine(M2M)(Femtocellcasestudy);o PracticalSIMfraud(casestudy).