© 2017 P1 Security. All rights reserved.
Training Description
TS-310 Reversing telecom platforms for security
Description of training
Learn about contemporary telecom and mobile system reverse engineering within the context of Telecom and Mobile Network operators and how core telecom infrastructure operates, down to the usage of these services by operators' mobile apps and handset manufacturers' platforms.
We will see, from the mobile handset (Android, apps, platform) to the enterprise applications (iPBX) up to the Core Network, how all these technologies are meshed together and how to make sense of their protocols and applications.
Duration
Short version: 2 days.
Attendees will receive
• Training material: copy of the presenter's slides through Intralinks Web platform tool for a one-year duration after the training's delivery.
Prerequisites for training
• Basic knowledge of telecom & network principles:
    o What is 2G, 3G;
    o OSI network layers;
    o Basic knowledge of telecom technologies;
    o Basic knowledge of Linux.
• Laptop with Kali Linux installed either in VM or native;
• Good knowledge and usage of Wireshark;
• Good IT security background;
• Basic skills and usage of Linux for reverse engineering (strings, knowledge of tools in a Backtrack environment for reverse engineering).
Covered in this training
Part 1: Handsets & subscriber applications
• Mobile phone usage of the network and applications (CS, USSD, SMS, Packet Switched/Data, VAS). We will look into the protocols used by the mobile, analysing them and detailing where security problems can appear. We will use OsmocomBB and try to analyse the live networks around the conference;
• Proprietary apps and their interface to the telecom systems. We will see by reversing some proprietary apps how these apps use non-standard interfaces within the mobile network. We will use frameworks for static analysis (dead code, binary form) and dynamic analysis (live running apps, within existing phone/handset);
• Samsung Android platform (Android + Proprietary extensions). We will look into Samsung Android platform specifics and security;
• Access network protocols analysis. We will look into the network protocols that are used by the mobile handsets toward the mobile network.
Part 2: PBX, Femtocell and enterprise access methods
• M2M connection reverse engineering;
• Corporate data/Packet Switched mobile broadband connection analysis. We will analyse and reverse common access setups and protocols to look for the vulnerabilities within these networks. We will look into multiple solutions for corporate access to the network. If time permits, we will look into existing 3G/4G access kits and their vulnerabilities.
• Alcatel Lucent OmniPCX iPBX: we will look into the typical setup and vulnerabilities of modern PBX for enterprise accesses. We will look into the embedded operating system of these PBX by extracting it from the hardware;
• Commercial SIP implementation reverse engineering and vulnerability analysis;
• Hardware embedded SIP TA audit and reverse engineering;
• Femtocell security vulnerabilities and reverse engineering.
Part 3: Core Network protocols & network element
• We will dig into Core Network protocols, reverse engineer some specified and some proprietary telecom Core Network protocols;
• The training will show the various attack surfaces for these networks and show the impact of vulnerabilities for each network element;
• Legacy Core Network element analysis: Nokia DX200 Core Network Element (legacy, monolithic) description and analysis;
• Huawei MGW 8900 Core Network Element (legacy, monolithic, VxWorks + FPGA) description, analysis and reverse engineering;
• Huawei HSS/MSC Core Network Element (ATCA, COTS, Linux + FPGA) description, analysis and reverse engineering;
• ZTE Core Network Element (ATCA, recent, Linux) description, analysis and reverse engineering.