SS7 Pentest Workshop
This workshop aims at introducing penetration testing methods and principles for Sigtran/MAP-based signaling systems in mobile networks. During the course, participants will gain insights into the signaling protocol related network vulnerabilities by actively using the Kali-Linux pentesting tools, modified and extended for mobile networks environment. Practical exercises and lecturer guided signaling trace analysis will provide a strong foundation for further studies in the field.
[Classroom: 3 days / LIVE Virtual*: 21 hours]
- A minimum of 5 or more participants are required for a company-based LIVE Virtual course to commence
- LIVE Virtual courses can be conducted for 5 hours or 7 hours daily. Please note that the number of training days will be extended if you opt for 5 hours daily.
- SS7 and Sigtran Vulnerabilities
- Purpose and Goals of a SS7 Pentesting Exercise
- Information Gathering, Network Mapping and Enumeration
- The SS7 and Sigtran Protocol Stack for Mobile Networks
- Sigtran (SCTP and M3UA) description
- Sigtran Protocol Analysis with Wireshark
- Introducing Kali-Linux and the Lab Setup
- Exploiting Sigtran
- SCCP, TCAP, MAP and CAP Description
- Important Core Network Signaling Procedures and Parameters
- Core Network Protocol Analysis with Wireshark
- Exploiting Protocols
- Informative: The SigFW Open Source SS7 / Diameter Firewall Project
- Exploiting Core Network Node Software: Memory Overflow Exploits
- Testing Software: Fuzzing (Fuzz-testing)
- The Smartphone Pentest Framework
- Exploring Remote Access and Malicious Apps (Android-Based)
- Mobile Post Exploits
All practical exercises will be supported by signaling message flow charts and references to the 3GPP technical specifications and a detailed Wireshark trace discussion.
- Participants should have a basic understanding of SS7/Sigtran-based signaling protocols and procedures used in mobile networks core network environment.
- A working-level knowledge in Linux environment is recommended for the practical exercises.
- Some basic knowledge in C++ and Python is an added advantage.