Training Telco Security: Hacking Core Network Protocols and Beyond

Training Telco Security: Hacking Core Network Protocols and Beyond

From BruCON 2017

Jump to: navigation, search

Telco Security: Hacking Core Network Protocols and Beyond by Philippe Langlois

Course Description

In this training we will dig into Core Network protocols, standardized and proprietary telecom Core Network protocols. The training will show the various attack surfaces for these networks and show the impact of vulnerabilities for each network element.


Key Learning Objectives:

  • SS7 network, protocols and architecture
  • LTE network, protocols and architecture
  • Huawei MGW8900 Core Network Element (legacy, monolithic, VxWorks + FPGA) analysis and vulnerabilities
  • Huawei HSS / MSC Core Network Element (ATCA, recent, Linux + FPGA) analysis and vulnerabilities

Course Contents

Day 1

  • Telecom Security Global Approach
  • Telecom Big Picture
  • Telecom Network Architecture
  • Signaling SS7
  • Hands on SCTP + Hands on SS7
  • LTE Security Introduction

Day 2

  • Hands On LTE
  • GPRS Core Network
  • Attacking GRX
  • Network Element Vulnerability Research
  • Network Element Vulnerability Research Hands On
  • Hackroulette


Students should have a :

  • Basic knowledge of telecom & network principles: what is 2G, 3G, 4G; OSI network layers.
  • Good knowledge and usage of Wireshark.
  • Basic skills and usage of Linux for reverse engineering (strings, knowledge of tools in a Backtrack for reverse engineering).

Hardware / Software Requirements

  • Laptop with Linux installed either in a VM or native, Backtrack recommended.
  • Legal IDA Pro license optional, but recommended.
  • Mobile phone (Android recommended) and working SIM card with sufficient credit for voice, SMS and data.
  • Additional SIM cards optional, but recommended.

Note: We will have some Pre-paid cards available.

Trainer Biography

Philippe Langlois is an entrepreneur and leading security researcher, expert in the domain of telecom and network security. He has founded internationally recognized security companies (Qualys, WaveSecurity, INTRINsec, P1 Security) as well as led technical, development and research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France.

His first business, Worldnet, France's first public Internet service provider, was founded in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB, Previously a professor at Ecole de Guerre Economique and various universities in France (Amiens, Marne La Vallée) and internationally (FUSR-U, EERCI, ANRSI). He is a FUSR-U collaborator and founding member.

Philippe advises industry associations (GSM Association Security Group, several national organizations) and governmental officials and contributes to Critical Infrastructure advisory committees and conferences in Telecom and Network security Now, Philippe is providing with P1 Security the first Core Network Telecom Signaling security scanner & auditor which help telecom companies, operators and government analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his website at: p1security

Mon. 22 - Tue. 23 September 2014 (09:00 - 17:00)


Back to Training Overview