TS-201 TELECOM SECURITY HANDSON COURSE

SS7 Security:

• SS7 basics and possibilities
• SS7 protocols description
• Telecom signalling networks architectures
• SS7 external access SS7Map review
• SS7 low level protocols analysis
• Low level SS7 packets analysis, sniffing and network tracing
• Signalling attacks
• SS7 and SIGTRAN audit methodology
• Low level peering (M3UA and SCCP)
• SCTP scan usage and attack

Telecom signalling vulnerabilities:

• Network elements underlying technologies
• Identifying signalling and core network equipment: proprietary OS, Windowsbased, Linux-based
• GPRS signalling technologies (GTP-C, GTP-U and GTP prime) and known vulnerabilities
• Attacking GPRS and GTP-scanning
• Attack scenarios and case studies from GRX and SCCP providers
• Attacking O&M (OAM & Management) infrastructures
• SS7 signalling equipment vulnerabilities
• Crafting SS7 packets (MSU) by hand
• Context and network layers
• Spoofing SS7
• Network element vulnerability research: discovering zero days in SS7 equipment
• Industrialization of vulnerability scanning in SS7 & SIGTRAN context
• RADIUS protocol, usage and possible attacks.

Higher level applications:

• SMS fraud and abuses
• Fraud management systems (FMS) and FRA
• Lawful Interception (LI) systems
• Limits of CDR based fraud detection and security
• Mobile Application Part (MAP) message analysis and attack traffic
• GSMA MAP screening recommendations (Cat1, Cat2, Cat3, Cat3+ and Cat SMS)
• Examination of SS7 attack scenarios from national and International perimeters