5G infrastructure Attacking and Defense – Unhacked! Edition
FULL COURSE ABSTRACT
5G Penetration testing is a critical part of maintaining and fortifying your IP, network and physical security. This Training course prepares participants to conduct successful 5G penetration testing and ethical hacking. Participants will learn about tools and techniques to analyze 5G vulnerabilities, how to perform detailed 5G reconnaissance. ENISA’s threat landscape for 5G Networks and NIST 5G cybersecurity/RMF prepares you with a secure evolution to 5G.
The goal of this practical course is to give the participant a strong and intuitive understanding of what cybersecurity in the 5G systems is and how the security functions are implemented in the 5G, 5G NR, Cloud RAN, MEC, 5GC, Service Based Architecture (SBA), HTTP2/JSON, REST API, and network slices.
Day 1
- 5G different architectures(SA/NSA) and impact on security
- Components of 5G deployments and danger areas
- 5G Domain Security Overview
- 5G RAN and virtualized RAN
- 5G UE, SIM & Handsets and SoCs
- 5G NR Radio access and security principles applied to 5G subscribers
- Anonymization of subscriber’s fixed identity
- Authentication and Key Agreement (AKA)
- Encryption and integrity protection of control-plane and user-plane traffic
- Activation of the security and related signalling procedures
- Impact of new 5G protocols in term of security:
- X2 extensions for NSA deployment
- F1AP
- E1AP
- PFCP
- 5G Core, Service Based Architecture (SBA), Roaming and Interconnect Security
- Infrastructure level deployment, security & risk of NFV (Network Functions Virtualization)
- Benefit and risk of 5G slicing in term of Security
- Understand the risks and attacks on isolation in a 5G multi-tenant environment (Slicing, NFV,SDN)
Day 2
- 5G threat model and risk area
- 5G Intrusion Detection
- Issues with Access Network Flash Network Traffic
- Radio interface key management
- User plane integrity
- DOS Attacks Against Network Infrastructure
- Overload of the signaling plane security issues
- CORE and MEC Threat
- Testbeds and network stacks security perpetration
- 5G Pentest process procedure
Day 3
- Overview of 5G Testing Tools
- Penetration from Air interface and RAN
- Hands-on exercises for CORE and MEC network testing
- Voice over LTE attack and testing.
- 5G attack case study
- 5G Forensics Analysis
- Auditing 5G Security Controls
- Automating 5G Security
KEY TAKEAWAYS
- This training will help to conduct successful 5G penetration testing and ethical hacking. Participants will learn about tools and techniques to analyse 5G vulnerabilities, reconnaissance
- Understanding and implementation of ENISA’s threat landscape for 5G Networks and NIST 5G cybersecurity/RMF a secure evolution to 5G.
- Understand the 5G architecture and the challenges it poses to testing. Select and utilize the technology, tools, and applications available for 5G development and testing. Implement 5G testing practices to prevent failures at any of the different elements of a 5G network.
WHO SHOULD ATTEND
This course is for students, working professionals, or anyone interested to learn more about the exciting topic of 5G mobile network security challenges and solutions. This course assumes an engineering or IT background. An understanding of LTE security procedures would be an advantage as would a basic understanding of mobile network architecture.
STUDENT REQUIREMENTS
- Good knowledge of 4G architectures (LTE & EPC) Basic knowledge of telecom & network principles: What is 2G, 3G.
- OSI network layers.
- Basic knowledge of telecom technologies.
- Good knowledge and usage of Wireshark.
WHAT STUDENTS SHOULD BRING
- A computer capable of running a virtual machine
- VMware and Virtual Box software. (Last version)
WHAT STUDENTS WILL BE PROVIDED WITH
- VMware With All Required Tools.
- Course Material & Documentations
TRAINING PREFERENCE
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
BOOK A SEAT
The registration & booking are done directly on MomentERA website. Please follow this link.
ABOUT THE TRAINERS
Akkib Sayad has been working in telecom security field for last 10 years. Currently working as principal telecom security Engineer. Presented in information security conferences such as NullCon 2012, 2015, C0c0n 2014,Nullcon 2017, Nullcon 2021 , Blackhat.
He is hobby is to discover new attacks in telecom network. As telecom security enthusiast, he built proprietary tools for telecom network security assessment.
