This workshop aims at introducing penetration testing methods and principles for Sigtran/MAP-based signaling systems in mobile networks.
During the course participant will gain insight into the signaling protocol related network vulnerabilities by actively using the Kali-Linux pentesting tools, modified and extended for mobile networks environment.
Practical exercises and lecturer guided signaling trace analysis will provide a strong foundation for further studies in the field.
Pre-requisite for Participants:
Participants should have a basic understanding of SS7/Sigtran-based signaling protocols and procedures used in mobile networks core network environment.
A working-level knowledge in Linux environment is recommended for the practical exercises.
Some basic knowledge in C++ and Python is an added advantage.
- SS7 and Sigtran Vulnerabilities
- Purpose and goals of a SS7 pentesting exercises
- Information gathering, network mapping and enumeration
- The SS7 and Sigtran protocol stack for mobile networks
- Sigtran (SCTP and M3UA) description
- Sigtran protocol analysis with Wireshark
- Introducing Kali-Linux and the lab setup
- Exploiting Sigtran
- SCCP, TCAP, MAP and CAP description
- Important Core Network signaling procedures and parameters
- Core Network protocol analysis with Wireshark
- Exploiting Protocols
- Informative: The SigFW Open Source SS7 / Diameter Firewall project
- Exploiting core network node software: Memory overflow exploits
- Testing software: Fuzzing (Fuzz-testing)
- The Smartphone Pentest Framework
- Exploring remote access and malicious apps (Android based)
- Mobile post exploits
All practical exercises will be supported by signaling message flow charts and references to the 3GPP technical specifications and a detailed Wireshark trace discussion.