3
©2017 P1 Security. All rights reserved. ² Training Description TS-310 Reversing telecom platforms for security

P1 Training Description TS-310 20171010 Word - P1 Training Description TS-310 20171010.docx Created Date 10/10/2017 9:37:32 AM

  • Upload
    haduong

  • View
    220

  • Download
    1

Embed Size (px)

Citation preview

©2017P1Security.Allrightsreserved.

²

TrainingDescription

TS-310Reversingtelecomplatformsforsecurity

©2017P1Security.Allrightsreserved.

TS-310Reversingtelecomplatformsforsecurity

Descriptionoftraining

Learn about contemporary telecom andmobile system reverse engineering within the context ofTelecomandMobileNetworkoperatorsandhowcoretelecominfrastructureoperate,downtotheusageoftheseservicebyoperators’mobileappsandhandsetmanufacturer’splatforms.

Wewillseefromthemobilehandset(Android,apps,platform)totheenterpriseapplications(iPBX)uptotheCoreNetworkhowareallthesetechnologiesmeshedtogetherandhowtomakesenseoftheirprotocolsandapplications.DurationShortversion:2days.Attendeeswillreceive

• Trainingmaterial: copyof thepresenter’s slides through IntralinksWebplatformtool foraoneYeardurationafterthetraining’sdelivery.

Prerequisitesfortraining

• Basicknowledgeoftelecom&networkprinciples:o Whatis2G,3G;o OSInetworklayers;o Basicknowledgeoftelecomtechnologies;o BasicknowledgeofLinux.

• LaptopwithKaliLinuxinstalledeitherinVMornative;• GoodknowledgeandusageofWireshark;• GoodITsecuritybackground;• BasicskillsandusageofLinuxforreverseengineering(strings,knowledgeoftoolsina

Backtrackenvironmentforreverseengineering).

Coveredinthistraining

Part1:Handsets&subscriberapplications

• Mobilephoneusageofthenetworkandapplications(CS,USSD,SMS,PacketSwitched/Data,VAS).Wewilllookintotheprotocolsusedbythemobile,analysingthemanddetailingwheresecurityproblemscanappear.WewilluseOsmocomBBandtrytoanalysethelivenetworksaroundtheconference;

©2017P1Security.Allrightsreserved.

• Proprietaryappsandtheirinterfacetothetelecomsystems.Wewillseebyreversingsomeproprietaryappshowtheseappsusenon-standardinterfaceswithinthemobilenetwork.Wewilluseframeworksforstaticanalysis(deadcode,binaryform)anddynamicanalysis(liverunningapps,withinexistingphone/handset);

• SamsungAndroidplatform(Android+Proprietaryextensions).WewilllookintoSamsungAndroidplatformspecificsandsecurity;

• Accessnetworkprotocolsanalysis.Wewilllookintothenetworkprotocolsthatareusedbythemobilehandsetstowardthemobilenetwork.

Part2:PBX,Femtocellandenterpriseaccessmethods

• M2Mconnectionreverseengineering;• Corporatedata/PacketSwitchedmobilebroadbandconnectionanalysis.Wewillanalyseand

reversecommonaccesssetupsandprotocolstolookforthevulnerabilitieswithinthesenetworks.Wewilllookintomultiplesolutionforcorporateaccesstothenetwork.Iftimepermits,wewilllookinexisting3G/4Gaccesskitsandtheirvulnerabilities.

• AlcatelLucentOmniPCXiPBX:wewilllookinthetypicalsetupandvulnerabilitiesofmodernPBXforenterpriseaccesses.WewilllookintotheembeddedoperatingsystemofthesePBXbyextractingitfromthehardware;

• CommercialSIPimplementationreverseengineeringandvulnerabilityanalysis;• HardwareembeddedSIPTAauditandreverseengineering;• Femtocellsecurityvulnerabilitiesandreverseengineering.

Part3:CoreNetworkprotocols&networkelement

• WewilldigintoCoreNetworkprotocols,reverseengineersomespecifiedandsomeproprietarytelecomCoreNetworkprotocols;

• Thetrainingwillshowthevariousattacksurfacesforthesenetworksandshowtheimpactofvulnerabilitiesforeachnetworkelement;

• LegacyCoreNetworkelementanalysis:NokiaDX200CoreNetworkElement(legacy,monolithic)descriptionandanalysis;

• HuaweiMGW8900CoreNetworkElement(legacy,monolithic,VxWorks+FPGA)description,analysisandreverseengineering;

• HuaweiHSS/MSCCoreNetworkElement(ATCA,COTS,Linux+FPGA)description,analysisandreverseengineering;

• ZTECoreNetworkElement(ATCA,recent,Linux)description,analysisandreverseengineering.