Telco technical

& business courses

available worldwide

Telecom Security Hands-on Course With Lab Testing

3 days
security, fraud, engineers
available worldwide
Ask for offer

Who Should Attend?

This course is aimed at engineers with a background in Telecom or security who want to better understand and evaluate security problems within an SS7 and Telecom Signalling environment.

 

Course Scope

This course is a practical SS7 and Telecom security training both to learn the theory and practice hands-on attack and protection of Telecom signalling networks in the context of security and fraud.

  1. SS7 Security.
    • SS7 Basics and Possibilities.
    • Description of SS7 protocols.
    • Telecom Signaling Network Architectures.
    • SS7 External Access and Geo-localisation over http (hands-on).
    • SS7 Low-level Protocols Analysis.
    • Low-level SS7 Packet Analysis, Sniffing and Network Tracing (hands-on).
    • Signalisation Attacks.
    • SS7 and SIGTRAN Audit Methodology.
    • Low-level Peering (M3UA and SCCP).
    • SCTP Scan Usage in Core Network Settings
    • Scanning SS7 Networks (MTP, SCTP, and upper SS7)(hands-on).
    • SCTP Netcat (Tool Discovery)
    • SS7 Higher-level Protocols (User Adaptation Layers).
    • M3UA Peering Analysis vs. M2PA (hands-on).
    • Links and Alerts (availability, warnings, and detection).
    • Network Elements, Functions, HLR, VLR, STP, SCP, BTS, GGSN, SGSN, MSC, 3G Alternatives.
  2. Telecom Signalling Vulnerabilities.
    • Network Elements: Underlying Technologies.
    • Identifying Signalisation and Core Network Equipment: Proprietary OS, Windows-based, Linux-based, Solaris-based (case study and hands-on).
    • GPRS Signalling Technologies(GTP-C, GTP-U and GTP prime)and Known Vulnerabilities
    • Attacking GPRS and GTP-scanning.
    • Attack Scenarios and Case Studies from GRX and SCCP Providers
    • Attacking O&M (OAM & Management) Infrastructure.
    • SS7 Signalling Equipment Vulnerabilities.
    • Huawei De-bug Backdoor, aka Pseudmessage (case study)
    • Crafting SS7 Packets (MSU) by hand (hands-on).
    • Context and Network Layers.
    • Spoofing SS7 (hands-on).
    • Network Element Vulnerability Research: Discovering Zeroday in SS7 Equipment (hands-on).
    • Mobile Reverse Engineering (hands-on).
    • Industrialisation of Vulnerability Scanning in SS7 & SIGTRAN Context.
    • RADIUS Protocol, Usage and Possible Attacks
  3. Higher-level Applications.
    • SMS Fraud and Abuse.
    • SMSC (Kannel) Abuses (hands-on).
    • Fraud Management Systems (FMS) and FRA.
    • Legal Interception (LI) Systems.
    • Limits of CDR-based Fraud Detection and Security.
    • Mobile Application Part(MAP) Message Analysis and Attack Traffic
    • GSMA MAP screening recommendations(Cat1, Cat2, Cat3, Cat3+ and Cat SMS.
    • Examination of SS7 Attack Scenarios from National and International Perimeters.
  4. Mobile Devices.
    • GAN/UMA.
    • Subscriber Identity Module.
    • GSM Authentication A3/A8.
    • Machine to machine (M2M) (Femtocell case study), Practical SIM Fraud (case study).

 

Prerequisites

  • Basic knowledge of telecom & network principles:
    • 2G, 3G, 4G.
    • OSI network layers.
    • Basic knowledge of Telecom technologies.
  • Good knowledge and usage of Wireshark.
  • Basic skills and usage of Linux for reverse engineering (strings, knowledge of tools in a Backtrack for reverse engineering).
  • Laptop with Linux installed either in a VM or native, Backtrack or Ubuntu with reverse engineering and hacking tools recommended.
  • Legal IDA Pro license recommended.
  • Good security background.
  • Good telecom background.

 

Training Structure

Three-day training divided into logical sessions.

 

Methodology

Instructor-led training. Hands-on course with lab testing. Participants will receive a virtual machine with hands-on exercises and SIGTRAN/SS7 tools.

Nearest Available Open Courses

04 November 2019
3 days
Paris, France
€3600
Register

The trainer is capable of answering all my questions.

Ms. Ana Gheorghe, Vodafone RO

Very well organized training programmes.

Mr. Mihnea Teodorescu, Cosmote, RO

More than excellent course!

Ms. Inessa Mijiferjyan, Vivacell

I can proudly recommend these courses for others as well.

Mr. Tarvo Jammer, Elisa Estonia

I am very impressed with the trainer's knowledge and experience.

Mr. Mouin Al Saghir, Vivacell

Professional, high-quality trainer.

Mr. Gagik Shatveryan, Vivacell

Great teacher with deep knowledge and experience.

Mr. Philippe Wrzecionek, TATA

Many different people from different operators can share their problems and ideas.

Mr. Omar El-Fiky, Vodafone Egypt

The training exceeded my expectations.

Ms. Irida Gjashta, AMC Albania

Trainers have passion to teach & impart knowledge.

Mr. Kanchan Chitrakar, Ncell Nepal

Experienced trainer. Real cases with references to recommendations.

Mr. David Curkan, T-Mobile Croatia

Overwhelming knowledge and expertise. Interactive and enjoyable learning.

Mr. Ashish Shrestha, NCell Nepal

The course covers all the impacted areas.

Ms. Gratia Scanteie, Vodafone, RO

Training provides useful methods to analyze real protocols.

Mr. Seema Karn, NCell Nepal

Regardless of technology I received theoretical and practical answers.

Mr. Kosta Pribić, T-Mobile Croatia

Everyone gets individual attention from the trainer.

Ms. Inga Tomsone, Tele2 Latvia

A lot of useful materials and knowledge.

Mr. Shukhrat Khaydar, UCell

The training is completely excellent.

Mr. Philipp Korostelev, Beeline Moscow

Trainer is open for comments and discussion.

Ms. Natalya Nerubenko, Life Ukraine

I received a lot of useful information which I use in my work every day.

Ms. Viktoriya Gusarova, Beeline RU

Deep and detailed topic analysis.

Mr. Mohamed Sabry, Vodafone Egypt

Good class notes and great examples.

Mr. Ghaffar Masood, Mobilink Pakistan

The course exceeded my expectations. Hats off!

Mr. Adnan Syed, Mobily

Excellent, knowledgeable trainer, open to communication.

Mr. Dmitrii Kropotov, Tele2 Russia

Trainer understands local market experience.

Mr. Andrew Sweetman, Wataniya

Trainer adapted to the expectations of the audience.

Mr. Antoine Blanchet, Monaco Telecom

Trainer was able to answer practical questions.

Mr. Daniel Krolikowski, Play Poland

The whole course was very valuable.

Mr. Sayyid Ali, Dhiraagu Maldives

Really practical and very fruitful training.

Mr. Niroj Raya, NCell Nepal

A clear picture of GSM switching and signalling.

Ms. Anette Chale, mCel Mozambique

Very effective training methods.

Ms. Erjona Xhemali, AMC Albania

Unique training covering the most important areas of my work.

Mr. Eldar Mursaqulov, Azercell

The best training ever.

Mr. Timur Zagretdinov, MTT Russia

Perfect course.

Mr. Arseniy Mazanik, Beeline Russia

Highly professional trainer with lots of practical experience. Friendly and open.

Ms. Olga Rudnicka, Tele2 Latvia

Experienced trainer. Excellent descriptions.

Mr. Ahmad Doar, Mobily, KSA

Training was above expectations!

Mr. Ariel Haxhiu, Eagle Mobile, AL

This course will be very useful in my daily work.

Mr. Leopoldino Ferreira, Unitel Angola

Good direct connection between course material and real problems.

Mr. Alex Konstantopoulos, Cosmote, GR

Excellent exercises!

Mr. Muhammad Ali, Mobilink Pakistan

Excellent methodology of teaching. Simple and easy to understand training.

Mr. Arben Shabani, PTK Kosovo

Excellent knowledge from the trainer.

Ms. Catherine Barman, Swisscom

Very clear explanations.

Ms. Tatyana Krasyuk, Life Ukraine

Excellent course and instructor.

Mr. Nikolay Suetin, Beeline Russia

I feel like the trainer is the best professor and mentor one can have.

Ms. Ledia Meici, AMC Albania

Seminar entirely for Telecommunication operators. A lot of issues covered.

Ms. Pinelopi Tragoudara, Vodafone GR

A good approach to a complex problem.

Ms. Horia Catrinoiu, Vodafone RO

Amazing, more than excellent, audience-oriented trainer.

Mr. Evgeniy Dmitriev, Astelit Ukraine

Trainer understands local market experience.

Mr. Andrew Sweetman, Wataniya

Course covers all important issues and presents relevant examples.

Mr. Mohamed Kamel, Vodafone Egypt

Good logical structure of the course and explanation.