p1 training description ts-201 20171004 v4 jbt · pdf filecovered in this training this is a...
TRANSCRIPT
![Page 1: P1 Training Description TS-201 20171004 v4 JBT · PDF fileCovered in this training This is a practical SS7 and telecom security training. It aims at understanding the theory and practice](https://reader031.vdocument.in/reader031/viewer/2022030420/5aa7e4f97f8b9a50528cf032/html5/thumbnails/1.jpg)
©2017P1Security.Allrightsreserved.
²
TrainingDescription
TS-201TelecomSecurityhands-oncoursewithlabtesting
![Page 2: P1 Training Description TS-201 20171004 v4 JBT · PDF fileCovered in this training This is a practical SS7 and telecom security training. It aims at understanding the theory and practice](https://reader031.vdocument.in/reader031/viewer/2022030420/5aa7e4f97f8b9a50528cf032/html5/thumbnails/2.jpg)
©2017P1Security.Allrightsreserved.
TS-201TelecomSecurityhands-oncoursewithlabtesting
Descriptionoftraining
Thistrainingprovidesanin-depthknowledgeoftelecomsecurityproblemsandtheirrootsinthetelecomsystemsfocusedonSIGTRAN,SS7,GPRSandGRXtechnologiesaswellasattacksagainsttelecomnetworkelements,architectureanddesignofvarious3GPPreleases.Duration
Uniqueversion:3days.
Attendeeswillreceive
• Trainingmaterial:copyofthepresenter’sslidesthroughIntralinksWebplatformtoolforaoneYeardurationafterthetraining’sdelivery.
Prerequisitesfortraining
• Basicknowledgeoftelecom&networkprinciples:o Whatis2G,3G;o OSInetworklayers;o Basicknowledgeoftelecomtechnologies;o BasicknowledgeofLinux.
• LaptopwithKaliLinuxinstalledeitherinVMornative;• GoodknowledgeandusageofWireshark;• GoodITsecuritybackground.
Coveredinthistraining
ThisisapracticalSS7andtelecomsecuritytraining.Itaimsatunderstandingthetheoryandpracticeofattacksandprotectionsoftelecomsignallingnetworks,inthecontextofsecurityandfraud.
Thistrainingprovidesengineerswhoalreadyhaveanestablishedknowledge,eitherintelecomorITsecurity,tounderstandandevaluatesecurityproblemswithinanSS7andtelecom-signalingenvironment.
• SS7Security:o SS7basicsandpossibilities;o SS7protocolsdescription;o Telecomsignallingnetworksarchitectures;o SS7externalaccessSS7Mapreview;o SS7lowlevelprotocolsanalysis;o LowlevelSS7packetsanalysis,sniffingandnetworktracing;o Signallingattacks;o SS7andSIGTRANauditmethodology;
![Page 3: P1 Training Description TS-201 20171004 v4 JBT · PDF fileCovered in this training This is a practical SS7 and telecom security training. It aims at understanding the theory and practice](https://reader031.vdocument.in/reader031/viewer/2022030420/5aa7e4f97f8b9a50528cf032/html5/thumbnails/3.jpg)
©2017P1Security.Allrightsreserved.
o Lowlevelpeering(M3UAandSCCP);o SCTPscanusageandattackscenariosincorenetworksettings;o ScanningSS7networks-fromMTPtoSCTPandupperSS7;o SS7upperlevelprotocols(UserAdaptationlayers);o Networkelementsandtheirfunctions,HLR,VLR,STP,SCP,BTS,GGSN,SGSN,MSC,3G
alternatives.
• Telecomsignallingvulnerabilities:o Networkelementsunderlyingtechnologies;o Identifyingsignallingandcorenetworkequipment:proprietaryOS,Windows-based,
Linux-based;o GPRSsignallingtechnologies(GTP-C,GTP-UandGTPprime)andknown
vulnerabilities;o AttackingGPRSandGTP-scanning;o AttackscenariosandcasestudiesfromGRXandSCCPproviders;o AttackingO&M(OAM&Management)infrastructures;o SS7signallingequipmentvulnerabilities;o CraftingSS7packets(MSU)byhand;o Contextandnetworklayers;o SpoofingSS7;o Networkelementvulnerabilityresearch:discoveringzerodaysinSS7equipment;o IndustrializationofvulnerabilityscanninginSS7&SIGTRANcontext;o RADIUSprotocol,usageandpossibleattacks.
• Higherlevelapplications:
o SMSfraudandabuses;o Fraudmanagementsystems(FMS)andFRA;o LawfulInterception(LI)systems;o LimitsofCDRbasedfrauddetectionandsecurity;o MobileApplicationPart(MAP)messageanalysisandattacktraffic;o GSMAMAPscreeningrecommendations(Cat1,Cat2,Cat3,Cat3+andCatSMS);o ExaminationofSS7attackscenariosfromnationalandInternationalperimeters.