Mobile Network Vulnerabilities and Pentesting

Teacher

Yunqi Ye

Category:

Cyber Security

Course Overview

This course focuses on mobile network security and introduces participants to penetration testing methods and principles for Sigtran / MAP-based and Diameter-based signaling systems in mobile networks.

Participants will gain insights into the signaling protocol related network vulnerabilities by actively using the Kali Linux pentesting tools, modified and extended for mobile networks environment. This method of ethical hacking is done to resolve issues such as phishing and data leakage, which are prevalent in this time.

Practical exercises and lecturer-guided signaling trace analysis will provide a strong foundation for further studies in the field.

Target Audience

This course is intended for experienced network engineers, network tuning staff and anyone with network experience who are keen to identify mobile network vulnerabilities and to acquire skills and knowledge to defend mobile networks against attacks.

Duration & Training Format

Instructor-Led Training
[Classroom: 3 days / LIVE Virtual*: 21 hours]

*Note:

A minimum of 6 or more participants are required for a company-based LIVE Virtual course to commence
LIVE Virtual courses can be conducted for 5 hours or 7 hours daily. Please note that the number of training days will be extended if you opt for 5 hours daily.

Upcoming Course Dates

30 May – 2 Jun 2022 (Mon – Thu), GMT +08:00

Course Outline

SS7 and Sigtran Vulnerabilities

Purpose and Goals of a SS7 Pentesting Exercise

Information Gathering, Network Mapping and Enumeration

The SS7 and Sigtran Protocol Stack for Mobile Networks

Sigtran (SCTP and M3UA) Description

Sigtran Protocol Analysis with Wireshark

Introducing Kali-Linux and the Lab Setup

Exploiting Sigtran

Nmap and SCTPscan Tools to Locate IP Addresses and Port Numbers
Enumerating Sigtran Nodes

SCCP, TCAP, MAP and CAP Description

Important Core Network Signaling Procedures and Parameters

Core Network Protocol Analysis with Wireshark

Exploiting Protocols

Finding and Tracing Subscribers’ Location
Global Title Attacks
Retrieving and Modifying Subscribers’ Profile Parameters and Settings
CAMEL Services Attacks
Exploiting Supplementary Services (SS’s)
SMS Spoofing and Spamming
GPRS (Internet Access) Exploits

Diameter Introduction

Diameter Vulnerabilities

Attacks occurring on the LTE Roaming Interconnects

FS.19 GSMA Category 0, 1, 2, 3 Diameter Signaling Messages

Radio Attacks: IMSI Catching

Evolution in 5G

All practical exercises will be supported by signaling message flow charts, references to the 3GPP technical specifications and a detailed Wireshark trace discussion.

Pre-requisites

A basic understanding of SS7/Sigtran-based signaling protocols and procedures used in the mobile networks core network environment
A working-level knowledge in Linux environment is recommended for the practical exercises
Some basic knowledge in C++ and Python is an added advantage

Testimonials

“Very detailed explanation on protocol stack on every later and protocols in each layer. I now have a better understanding on SS7 signalling from end to end and the architecture of Mobile components in telco environment.”