Mobile Network Vulnerabilities and Pentesting
This workshop introduces participants to penetration testing methods and principles for Sigtran / MAP-based and Diameter-based signaling systems in mobile networks.
Participants will gain insights into the signaling protocol related network vulnerabilities by actively using the Kali-Linux pentesting tools, modified and extended for mobile networks environment.
Practical exercises and lecturer-guided signaling trace analysis will provide a strong foundation for further studies in the field.
This course is intended for experienced network engineers, network tuning staff and anyone with network experience who are keen to identify mobile network vulnerabilities and to acquire skills and knowledge to defend mobile networks against attacks.
[Classroom: 3 days / LIVE Virtual*: 21 hours]
- A minimum of 5 or more participants are required for a company-based LIVE Virtual course to commence
- LIVE Virtual courses can be conducted for 5 hours or 7 hours daily. Please note that the number of training days will be extended if you opt for 5 hours daily.
- SS7 and Sigtran Vulnerabilities
- Purpose and Goals of a SS7 Pentesting Exercise
- Information Gathering, Network Mapping and Enumeration
- The SS7 and Sigtran Protocol Stack for Mobile Networks
- Sigtran (SCTP and M3UA) Description
- Sigtran Protocol Analysis with Wireshark
- Introducing Kali-Linux and the Lab Setup
- Exploiting Sigtran
- Nmap and SCTPscan Tools to Locate IP Addresses and Port Numbers
- Enumerating Sigtran Nodes
- SCCP, TCAP, MAP and CAP Description
- Important Core Network Signaling Procedures and Parameters
- Core Network Protocol Analysis with Wireshark
- Exploiting Protocols
- Finding and Tracing Subscribers’ Location
- Global Title Attacks
- Retrieving and Modifying Subscribers’ Profile Parameters and Settings
- CAMEL Services Attacks
- Exploiting Supplementary Services (SS’s)
- SMS Spoofing and Spamming
- GPRS (Internet Access) Exploits
- Diameter Introduction
- Diameter Vulnerabilities
- Attacks occurring on the LTE Roaming Interconnects
- FS.19 GSMA Category 0, 1, 2, 3 Diameter Signaling Messages
- Radio Attacks: IMSI Catching
- Evolution in 5G
All practical exercises will be supported by signaling message flow charts, references to the 3GPP technical specifications and a detailed Wireshark trace discussion.
- A basic understanding of SS7/Sigtran-based signaling protocols and procedures used in the mobile networks core network environment
- A working-level knowledge in Linux environment is recommended for the practical exercises
- Some basic knowledge in C++ and Python is an added advantage