Sébastien Dudek, Penthertz
Sébastien Dudek is the founder of Penthertz, a French company specializing in wireless and hardware security. With over 15 years of experience in telecommunications security, he has published research on 5G security, Open RAN, baseband fuzzing, mobile network interception, and power-line communication vulnerabilities. He is the creator of RF Swift, an open-source SDR toolkit, V2G Injector/HomeplugPWN, 5GC API Pentest, and LoRa Craft among other security tools.
His clients include major defense, automotive, and (aero)space companies, and his work spans from 2G through 5G security, OT/IoT device security, and critical infrastructure protection.
Talk: Hacking 5G: From Radio Security to the APIs
Talks will be streamed on YouTube and Twitch for free.
5G networks are being opened up at every layer and attackers are paying attention. On the radio interface, we assess what operators actually deploy: is encryption enabled? Is integrity protection enforced on signaling and user plane? Are null ciphers still accepted? How well is the network isolated from external access? These fundamentals still fail more often than you'd think.
The 5G core runs on cloud-native REST-based architectures where a single misconfigured network function can expose subscriber data or provide persistence into critical infrastructure. We demonstrate this live using our open-source 5GC API Pentest Burp Suite extension, which automates NF discovery, IMSI enumeration, credential extraction, and API fuzzing against a 5G core. OpenRAN disaggregates the radio access network into open interfaces between O-RU, O-DU, O-CU, and the RIC, creating attack surfaces that didn't exist in monolithic base stations. And now CAMARA, the industry initiative exposing network capabilities through standardized APIs, gives third parties access to device location, SIM swap, and number verification, with security models still maturing.
This talk walks through real assessments and attacks at each layer, from verifying radio protections to exploiting core APIs and examining how some endpoints could enable surveillance and fraud.
Training: Hacking the Invisible: SDR for Red Team Operations
Most red team engagements stop at the network perimeter - but radio waves don't. Every building leaks signals: alarms, gate openers, keyless entry, wireless keyboards, IoT sensors, drones, and even baby monitors. Yet most offensive security practitioners have zero visibility into this invisible attack surface.
Hacking the Invisible is a hands-on, 3-day training that teaches red teamers and pentesters how to leverage Software-Defined Radio (SDR) to identify, intercept, and exploit wireless systems found in corporate and industrial environments. Every technique comes from real-world engagements - not theory.
Part 1 covers SIGINT and COMINT: passively mapping RF environments with spectrum analyzers, decoding signals from physical access systems (alarms, gates, RKE/PKE), TPMS, UAVs, then moving into active attacks — replay, packet crafting, and blind protocol reversing.
Part 2 shifts to building custom tools: when nothing off-the-shelf works, you build your own. Students learn GNU Radio, automate attack chains against analog and digital targets, spy on PMR radios, attack nRF peripherals, intercept LoRa traffic, and eavesdrop on drone camera feeds.
All exercises run on the open-source RF Swift toolkit. Attendees leave with a portable RF arsenal and the skills to tackle even the most exotic wireless target.