©  P1  Security.  All  rights  reserved.  

 

 

   

Contact: Philippe Langlois phil@p1sec.com +33 98045 0447

Security Training Course Reference: TS-201

   

TS-201 TELECOM SECURITY Hands-on course with lab testing    

   

©  P1  Security.  All  rights  reserved.  

 

TS-­‐201  Telecom  Security  hands-­‐on  course  with  lab  testing  Security  in  Telecom  Network  

Description  of  Training  Class  This  training  provides  an  in-­‐depth  knowledge  of  telecom  security  problems  and  their  roots  in  the  telecom  systems  

Duration  • Unique  version:  2-­‐3  days  

 

Attendees  will  receive  • Training  material:  Slides  copy  of  the  presenter.  • Virtual  Machine  with  hands  on  exercises  and  SIGTRAN/SS7  tools  

Pre-­‐requisites  of  training  class  • Basic  knowledge  of  telecom  &  network  principles;    

o What  is  2G,  3G,  4G;    o OSI  network  layers;    o Basic  knowledge  of  telecom  technologies  

• Laptop  with  Linux  installed  either  in  a  VM  or  native,  Backtrack  or  Ubuntu  with  reverse  engineering  and  hacking  tools  recommended;  

• Good  knowledge  and  usage  of  Wireshark;  • Basic   skills   and   usage   of   Linux   for   reverse   engineering   (strings,  

knowledge  of  tools  in  a  Backtrack  for  reverse  engineering);  • Legal  IDA  Pro  license  optional,  but  recommended;  • Good  security  background;  • Good  telecom  background  

Covered  in  this  training  SS7  security  and  attacking  telecom  signaling  infrastructure  is  a  practical  SS7  and  Telecom   security   training   to   understand   the   theory   and   practice   hands-­‐on  attacks  and  protections  of  Telecom  signaling  network  in  the  context  of  security  and  frauds.    This  training  provides  engineers  with  an  already  established  knowledge  either  in  telecom   or   security   with   strong   bases   to   understand   and   evaluate   security  problems  within  a  SS7  and  telecom  signaling  environment.    

   

©  P1  Security.  All  rights  reserved.  

• SS7  Security  o SS7  basics  and  possibilities  o SS7  protocols  description  o Telecom  signaling  network  architectures  o SS7  external  access  and  geo-­‐localization  over  http  (Hands  on)  o SS7  low  level  protocols  analysis.  o Low   level   SS7   packet   analysis,   sniffing   and   network   tracing.  

(Hands  on)  o Signalization  attacks.  o SS7  and  SIGTRAN  Audit  methodology.  o Low  level  peering  (M3UA).  o SCTPscan  usage  in  Core  Network  settings  o Scanning   SS7   networks   (from   MTP   to   SCTP   and   upper   SS7).  

(Hands  on)  o SCTP  netcat  (Tool  discovery)  o SS7  higher  level  protocols  (User  Adaptation  layers).  o M3UA  Peering  analysis  vs  M2PA.  (Hands  on)  o Links  and  alerts  (availability,  warnings,  detection).  o Network  elements,  functions,  HLR,  VLR,  STP,  MSC,  3G  alternatives  

• Telecom  signaling  vulnerabilities  o Network  Elements  underlying  technologies.  o Identifying  signalization  and  core  network  equipment:  Proprietary  

OS,   Windows-­‐based,   Linux-­‐based,   Solaris-­‐based.   (Case   study   &  Hands  on)  

o Telecom  signaling  networking  technologies  (microwave,  x25,  AAL  ATM,  serial  links).  

o Attacking  X25  signaling  O&M  (OAM)  infrastructures.  (Hands  on)  o SS7  signaling  equipment  vulnerabilities.  o Huawei  debug  backdoor  aka  pseudo  message.  (Case  study)  o Crafting  SS7  packets  (MSU)  by  hand.  (Hands  on)  o Context  and  network  layers.  o Spoofing  SS7  (Hands  on)  o Network  Element  vulnerability  research:  discovering  zero  days  in  

SS7  equipment  (Hands-­‐on)  o Mobile  Reverse  Engineering  (Hands-­‐on)  o Industrialization   of   vulnerability   scanning   in   SS7   &   SIGTRAN  

context.  • Higher  level  applications.  

o SMS  Fraud  and  abuses.  o SMSC  (kannel)  abuses.  (Hands  on)  o Fraud  management  systems  (FMS)  and  FRA.  o Legal  Interception  (LI)  systems.  o Limits  of  CDR  based  fraud  detection  and  security.  

• Mobile  devices.  o GAN/UMA.  o Subscriber  Identity  Module.  o GSM  Authentication  A3/A8.  o Machine  to  machine  (M2M)  (Femtocell  Case  study).  o Practical  SIM  fraud  (Case  study)  

   

©  P1  Security.  All  rights  reserved.  

 

About  P1  Security  Inc.  P1  Security  is  a  vendor  independent,  technology  pioneer  and  leader  in  Telecom  Security   Audit   products  with   patent   pending   technology   and   top   research   and  development  recognized  by  the  GSM  Association.      Experts   from   P1   Security   give   conferences   and   training   on   SIGTRAN   and   SS7  security  worldwide.      Visit  our  website  at  www.p1sec.com  or  contact  us  for  further  information.        

Contact  Email:  sales@p1sec.com  Web:  http://www.p1security.com  Address:  P1  Security,  231  rue  Saint  Honoré,  75001  Paris,  France