Telco technical

& business courses

available worldwide

Reversing Telecom Platforms for Security

security, fraud, engineers
available worldwide
Ask for offer

Who Should Attend?

This course is aimed at engineers who want to learn about contemporary Telecom and mobile system reverse engineering, the operation of core Telecom infrastructure within the context of Telecom and Mobile Network operators, and how core telecom infrastructure operates — down to the usage of this service by operators’ mobile apps and handset manufacturers’ platforms. Participants will see how all these technologies mesh together and learn how to make sense of the protocols and applications, from the mobile handset (Android, apps, platform) and enterprise applications (iPBX) all the way to Core Network.


Course Scope

  1. Handsets & Subscriber Applications.
    • Mobile Phone Usage of the Network and Applications (CS, USSD, SMS, Packet-switched/Data, VAS) — We will look into the protocols used by mobile phones, analyse them, and detail where security problems can appear. Using OsmocomBB, we will analyse live networks around the conference.
    • Proprietary Apps and their Interface to Telecom Systems — By reversing some proprietary apps, we will see how non-standard interfaces are used within the mobile network. We will use frameworks for both static analysis (dead code, binary form) and dynamic analysis (live running apps, within existing phones/handsets).
    • Samsung Android Platform (Android + Proprietary Extensions) — We will look into Samsung Android platform specifics and security.
    • Access Network Protocol Analysis — We will look into the network protocols that are used by mobile handsets with the mobile network.
  2. PBX, Femtocell, and Enterprise Access Methods.
    • M2M Connection Reverse Engineering.
    • Corporate Data/Packet-switched Mobile Broadband Connection Analysis — We will analyse and reverse common access setups and protocols to look for the vulnerabilities within these networks. We will look into multiple solutions for corporate access to the network. If time permits, we will look into existing 3G/4G access kits and their vulnerabilities.
    • Alcatel Lucent OmniPCX iPBX — We will look into the typical setup and vulnerabilities of modern PBX for enterprise access. We will look into the embedded operating system of PBX by extracting it from the hardware.
    • Commercial SIP Implementation Reverse Engineering and Vulnerability Analysis.
    • Hardware Embedded SIP TA Audit and Reverse Engineering.
    • Femtocell Security Vulnerabilities and Reverse Engineering.
  3. Core Network Protocols and Network Elements.
    • We will dig into Core Network protocols, reverse engineer some specified and some proprietary Telecom Core Network protocols.
    • The training will show the various attack surfaces for these networks and show the impact of vulnerabilities for each network element.
    • Legacy Core Network Element Analysis; Nokia DX200 Core Network Element (legacy, monolithic)—description and analysis.
    • Huawei MGW8900 Core Network Element (legacy, monolithic, VxWorks + FPGA) — description, analysis, and reverse engineering.
    • Huawei HSS / MSC Core Network Element (ATCA, recent, Linux + FPGA) — description, analysis, and reverse engineering.
    • ZTE Core Network Element (ATCA, recent, Linux) — description, analysis, and reverse engineering.


  • Basic knowledge of Telecom and network principles; 2G, 3G, 4G; OSI network layers; basic knowledge of Telecom technology.
  • Laptop with Linux installed either in a VM or native. Backtrack or Ubuntu with reverse engineering and hacking tools recommended.
  • Understand and be able to use Wireshark and Linux for reverse engineering (strings, knowledge of tools in Backtrack for reverse engineering).
  • Mobile phone (Android recommended) and working SIM card with sufficient credit for voice, SMS, and data.
  • Additional SIM cards recommended.
  • Legal IDA Pro license recommended.


Training Structure

Five-day training divided into logical sessions.



Instructor-led training. Participants will receive an evaluation access vulnerability scanner for telecom infrastructure and a developer account for mobile security platform.

Regardless of technology I received theoretical and practical answers.

Mr. Kosta Pribić, T-Mobile Croatia

Good direct connection between course material and real problems.

Mr. Alex Konstantopoulos, Cosmote, GR

Many different people from different operators can share their problems and ideas.

Mr. Omar El-Fiky, Vodafone Egypt

Overwhelming knowledge and expertise. Interactive and enjoyable learning.

Mr. Ashish Shrestha, NCell Nepal

Good class notes and great examples.

Mr. Ghaffar Masood, Mobilink Pakistan

Perfect course.

Mr. Arseniy Mazanik, Beeline Russia

Excellent, knowledgeable trainer, open to communication.

Mr. Dmitrii Kropotov, Tele2 Russia

Excellent course and instructor.

Mr. Nikolay Suetin, Beeline Russia

More than excellent course!

Ms. Inessa Mijiferjyan, Vivacell

The training is completely excellent.

Mr. Philipp Korostelev, Beeline Moscow

The course exceeded my expectations. Hats off!

Mr. Adnan Syed, Mobily

Everyone gets individual attention from the trainer.

Ms. Inga Tomsone, Tele2 Latvia

Trainers have passion to teach & impart knowledge.

Mr. Kanchan Chitrakar, Ncell Nepal

Trainer understands local market experience.

Mr. Andrew Sweetman, Wataniya

Excellent exercises!

Mr. Muhammad Ali, Mobilink Pakistan

A good approach to a complex problem.

Ms. Horia Catrinoiu, Vodafone RO

The trainer is capable of answering all my questions.

Ms. Ana Gheorghe, Vodafone RO

Really practical and very fruitful training.

Mr. Niroj Raya, NCell Nepal

I am very impressed with the trainer's knowledge and experience.

Mr. Mouin Al Saghir, Vivacell

Seminar entirely for Telecommunication operators. A lot of issues covered.

Ms. Pinelopi Tragoudara, Vodafone GR

Experienced trainer. Real cases with references to recommendations.

Mr. David Curkan, T-Mobile Croatia

The whole course was very valuable.

Mr. Sayyid Ali, Dhiraagu Maldives

Trainer is open for comments and discussion.

Ms. Natalya Nerubenko, Life Ukraine

The course covers all the impacted areas.

Ms. Gratia Scanteie, Vodafone, RO

Very clear explanations.

Ms. Tatyana Krasyuk, Life Ukraine

A clear picture of GSM switching and signalling.

Ms. Anette Chale, mCel Mozambique

I received a lot of useful information which I use in my work every day.

Ms. Viktoriya Gusarova, Beeline RU

Professional, high-quality trainer.

Mr. Gagik Shatveryan, Vivacell

Great teacher with deep knowledge and experience.

Mr. Philippe Wrzecionek, TATA

Deep and detailed topic analysis.

Mr. Mohamed Sabry, Vodafone Egypt

Course covers all important issues and presents relevant examples.

Mr. Mohamed Kamel, Vodafone Egypt

Good logical structure of the course and explanation.

Ms. Elena Shevtsova, Beeline, KZ

The best training ever.

Mr. Timur Zagretdinov, MTT Russia

Excellent knowledge from the trainer.

Ms. Catherine Barman, Swisscom

Experienced trainer. Excellent descriptions.

Mr. Ahmad Doar, Mobily, KSA

I can proudly recommend these courses for others as well.

Mr. Tarvo Jammer, Elisa Estonia

Trainer understands local market experience.

Mr. Andrew Sweetman, Wataniya

The training exceeded my expectations.

Ms. Irida Gjashta, AMC Albania

This course will be very useful in my daily work.

Mr. Leopoldino Ferreira, Unitel Angola

A lot of useful materials and knowledge.

Mr. Shukhrat Khaydar, UCell

Training was above expectations!

Mr. Ariel Haxhiu, Eagle Mobile, AL

Very well organized training programmes.

Mr. Mihnea Teodorescu, Cosmote, RO

Trainer was able to answer practical questions.

Mr. Daniel Krolikowski, Play Poland

Training provides useful methods to analyze real protocols.

Mr. Seema Karn, NCell Nepal

Highly professional trainer with lots of practical experience. Friendly and open.

Ms. Olga Rudnicka, Tele2 Latvia

Unique training covering the most important areas of my work.

Mr. Eldar Mursaqulov, Azercell

Amazing, more than excellent, audience-oriented trainer.

Mr. Evgeniy Dmitriev, Astelit Ukraine

Trainer adapted to the expectations of the audience.

Mr. Antoine Blanchet, Monaco Telecom

Very effective training methods.

Ms. Erjona Xhemali, AMC Albania

Excellent methodology of teaching. Simple and easy to understand training.

Mr. Arben Shabani, PTK Kosovo

I feel like the trainer is the best professor and mentor one can have.