SS7 Pentest Workshop

Security locks in a network environment to protect network from network vulnerabilities

This workshop aims at introducing penetration testing methods and principles for Sigtran/MAP-based signaling systems in mobile networks. During the course, participants will gain insights into the signaling protocol related network vulnerabilities by actively using the Kali-Linux pentesting tools, modified and extended for mobile networks environment. Practical exercises and lecturer guided signaling trace analysis will provide a strong foundation for further studies in the field.

Instructor-Led Training
[Classroom: 3 days / LIVE Virtual*: 21 hours]
  • A minimum of 6 or more participants are required for a company-based LIVE Virtual course to commence
  • LIVE Virtual courses can be conducted for 5 hours or 7 hours daily. Please note that the number of training days will be extended if you opt for 5 hours daily.
28 – 31 Mar 2022 (Mon – Thu), GMT +08:00
  1.   SS7 and Sigtran Vulnerabilities
  2.   Purpose and Goals of a SS7 Pentesting Exercise
  3.   Information Gathering, Network Mapping and Enumeration
  4.   The SS7 and Sigtran Protocol Stack for Mobile Networks
  5.   Sigtran (SCTP and M3UA) description
  6.   Sigtran Protocol Analysis with Wireshark
  7.   Introducing Kali-Linux and the Lab Setup
  8.   Exploiting Sigtran
  9.   SCCP, TCAP, MAP and CAP Description
  10.   Important Core Network Signaling Procedures and Parameters
  11.   Core Network Protocol Analysis with Wireshark
  12.   Exploiting Protocols
  13.   Informative: The SigFW Open Source SS7 / Diameter Firewall Project
  14.   Exploiting Core Network Node Software: Memory Overflow Exploits
  15.   Testing Software: Fuzzing (Fuzz-testing)
  16.   The Smartphone Pentest Framework
  17.   Exploring Remote Access and Malicious Apps (Android-Based)
  18.   Mobile Post Exploits

All practical exercises will be supported by signaling message flow charts and references to the 3GPP technical specifications and a detailed Wireshark trace discussion.

  • Participants should have a basic understanding of SS7/Sigtran-based signaling protocols and procedures used in mobile networks core network environment.
  • A working-level knowledge in Linux environment is recommended for the practical exercises.
  • Some basic knowledge in C++ and Python is an added advantage.
Print Friendly, PDF & Email
Add to Wishlist
Duration: Classroom: 3 days / LIVE Virtual: 21 hours
Delivery Format: Virtual Training

Upcoming Classes

You cannot copy content of this page