Attacking and Defending 5G Cores

5G core networks, with their promise of tailored connectivity and enhanced capabilities, have become increasingly popular across industries from diverse sectors ranging from manufacturing, healthcare and smart cities to defense networks. With the integration of mission- critical systems and sensitive data transmission, organizations face an urgent need to fortify their 5G core networks against evolving cyber threats.

One of the critical challenges here lies in the shortage of expertise and the requisite skillset to effectively secure 5G networks. This gap manifests in various stages, from the initial deployment phase to ongoing testing and adaptation. The need for specialized knowledge in mobile network attacks, secure deployment practices, and testing methodologies becomes apparent and our training is your key to mastering the art of safeguarding private 5G networks.

This training program is not just about theory; it’s a journey through practical application and real- world scenarios. Get ready to immerse yourself in hands-on exercises, simulations, and practical demonstrations that mirror the challenges faced by 5G security professionals. The training will cover a wide range of topics, including 5G network architecture, threat modeling, risk assessment, defense-in-depth strategies and 5G security features and their role in protecting the modern day virtualized core networks against potential attacks.

Through practical exercises and case studies, hackathon experiences, participants will learn about new ways to attack core networks by exploiting device and network authentication issues, vulnerabilities in network slicing, by deploying rogue network functions, container breakouts, and invesitgate the potential for data interception and manipulation. This hands-on experience is achieved entirely in an ethically controlled test environment with security testing tools and techniques, including reconnaissance, penetration testing and vulnerability scanning. The training will also cover advanced topics such as fuzzing the service based and Telecom APIs.

By the end of this training, participants will be equipped with the technical expertise to design, implement, and maintain secure 5G core networks. They will have the confidence to tackle the security challenges posed by 5G technology and ensure the availability, integrity and confidentiality of their networks.

• Pentesting tools custom-made for recon, core intrusion, & PFCP testing
• Access to 5G virtual lab that models a multitude of threats inside a sliced core network • 5G Network traffic monitoring and analysis tools for core and devices
• Case studies and real-world example like exploits for IoT service platforms, API traffic • Virtual machine files packaged with all proprietary test, audit and evaluation tools

Module 1: 5G architecture and security

• 5G architecture and network IDs
• 5G Security Requirements by 3GPP for UE, AMF, SEAF, UDM • SUCI, 5G-AKA, EAP-AKA, NAS and AS crypto
• 33.501 standards and NIST guidelines for 5G security
• Security over backhaul, interconnect SEPP, private 5g, MEC
• Authentication, authorization and crypto for network functions

Module 2: Threat Modeling and Risk Assessment

• Security challenges, risks for 5G core
• MITRE FiGHT framework for attack tactics, and techniques
• New attack patterns for 5G sliced networks (MEC, NFV)
• 5G core and RAN assessment strategies and 5G EU toolbox
• Security compliance and assurance from 3GPP SCAS/SECAM • Auditing – network equipment security assurance (NESAS)

Module 3: 5G System Vulnerability Analysis:

• 5G System and network attacks
• Stages of core exploitation, & entry points
• Attacks on User-to-network interfaces and network-to-network interfaces • Reconnaissance, exploitation, persistence
• Rogue network functions, rogue APIs, & spoofed slices
• Protocol tunneling, MEC
• Exploiting public facing applications
• Supply chain security for network function containers

Module 4: 5G Security Pentesting:

• Tools and techniques for pentesting 5G interfaces, endpoints • Probing network functions over HTTP/2
• Fuzzing 3GPP core interfaces NGAP (N1/N2)
• Fuzzing core service based APIs
• Core network intrusion (via N1/N2, SEPP), and container breakouts • IoT service platform application security (Northbound APIs)

Module 5: Hands-On Exercises:

• Simulate end-to-end 5G multi-slice network
• Network recon, intrusion to an on-site 5G core network testbed • 5G core vulnerability scanning
• Inter-slice compromise attacks via NRF/AMF/SEAF/UDM
• Insider data theft on UPF/UDR
• 5G AMF auditing using SECAM 33.512
• PFCP exposure, DoS, & hijacking

Module 6: Defense-in-Depth Strategies:

• Network function (container) access and monitoring rules • Network border firewall rules for MNO interconnect
• 5G network analytics and log monitoring (NWAF)
• Secure communication proxy for 5G core
• NEF/SCEF security via Telecom API Top 10 • Supply chain security testing and monitoring

Module 7: Case studies:

• 5G core network protocol security assessment
• Intrusion to 5G core via commercial exposure function (NEF/SCEF) • 5G private core configurations and security settings

Overall, this advanced 5G practical security training will provide attendees with a comprehensive understanding of the security risks and vulnerabilities associated with 5G networks, as well as the knowledge and tools to implement effective security measures to protect their networks and data.