Tuesday, November 8, 2016

Penetration Testing of a Telco Company [CORE]

Over the past few years/months... Theres been a lot of chatter about penetration testing and security of telecommunication companies, however the biggest hinderance to this has however been, well you guessed it, access:

from, tools, resources, money and well knowledge.

As a step to help out on the community, I will be releasing some of the materials to familiarize the intended audience (student, lectures, humans and fellow security enthusiasts) from this basically knowledge and tools.

We will be looking at security in telcos now not only in the Air & Abis layer but also the protocols, and the infrastructure, the core networks so :

SS7
Diameter
GGSN
GRX
HLR&VLR

we are coming for you: :) , I will also start this in a point of explaining how telcos work and the heavy accronyms behind them, then after we will dive into setting up some test/lab facilities, then move on to the security side of them, the 4-6 part series will be broken down so everyone can chime in :) feel free to engage.

4 comments:

Unknown said...

Awesome stuff... When do we start?

Mercado Livre said...

Hello, my name is Felipe Cerqueira and I have worked 10 years developing telecom plataforms (mainly SMPP gateways and Diameter services). I have created a FDA plataform using raw sigtran development too.
Now I am back working on security again. With pentest basically. Well... I would like to colaborate if you think it will be interesting, let me know: skylazart@gmail.com. See you

Stephen said...

Very interesting approach! A large area of research too little explored and very poorly documented ...

Brian Oyigo said...

Hey Jade,

I'm really interested in this.

Has it started yet?

Regards

Post a Comment

Dynamic Binary Instrumentation (pt2)

Quick how to: After install of Frida on your machine, you will need to install your server agent on your (use case is phone) iphone/andro...