5G Hacking for Red and Blue Teams

  • Dates: May 10, 11, 12 and 13 2025
  • Difficulty: Medium
  • Session Format: On-Site

Description

5G core networks are becoming critical across industries such as manufacturing, healthcare, smart cities, and defense. With mission-critical systems and sensitive data flowing through these networks, organizations must strengthen their security defenses to counter evolving cyber threats.

However, many organizations in the 5G space lack experience with telecom-specific security challenges, which differ from traditional IT threats. Vulnerabilities in mobile protocols, signaling, and network slicing demand specialized skills to mitigate. Understanding these threats and implementing secure deployments is crucial, and this training is designed to address that need.

This is an intense hands-on training conducted entirely in an ethically controlled test environment. You’ll dive into 5G core security through real-world examples, simulations, and exercises, and learn new ways to pentest, attack and defend core networks. You’ll explore attack vectors such as network slicing vulnerabilities, rogue network functions, lateral movement in containerized networks, and many more, using tools for recon, intrusion, pentesting, and fuzzing. By the end of this training, you will be equipped with the technical expertise to design, configure, and maintain secure 5G core networks.

Module 1: Understanding 5G Architecture and Security Foundations
  • Overview of 5G architecture and UE registration
  • Security requirements for UE, NRF, AMF, UDR, UDM and other NFs
  • Exploring SUCI, 5G-AKA, EAP-AKA, EAP-AKA', NAS, and AS crypto
  • Understanding 3GPP 33.501 security specifications
  • Securing backhaul, interconnect over SEPP, private 5G, and MEC
  • Authentication, authorization, and cryptography for network functions
  • Open RAN (ORAN) architecture, interfaces and security
Module 2: Comprehensive Threat Modeling and Risk Assessment
  • Knowing the threat actors, and their motivations and capabilities
  • Identifying security challenges and risks in the 5G core interfaces
  • Using the MITRE FiGHT and MOTIF frameworks for attack tactics and techniques
  • Analyzing new attack patterns for 5G sliced networks (MEC, NFV)
  • Strategies for 5G core and RAN assessments with 5G EU toolbox
  • Ensuring security compliance and assurance with 3GPP SCAS/SECAM
  • Conducting audits using network equipment security assurance (NESAS)
Module 3: In-Depth 5G System Vulnerability Research
  • Understanding stages of core exploitation and entry points
  • Examining attacks on user-to-network and network-to-network interfaces
  • Assessing reconnaissance, exploitation, and persistence strategies
  • Vulnerabilities in key protocols like PFCP, NGAP, GTP, and HTTP/2 (SBI)
  • Using rogue network functions, spoofed slices, and 3GPP 5GC_APIs
  • Uncovering threats like protocol tunneling and MEC exploitation
  • Digging into supply chain security for cellular network components
Module 4: Pentesting 5G infrastructure
  • Tools and techniques for pentesting 5G interfaces and endpoints
  • Probing network functions through SBI, N1 & N32 (interconnect) interfaces
  • Fuzzing 3GPP core interfaces NGAP (N1/N2) and service-based API injection
  • Conducting core network intrusion via N1/N2, NEF, and N32 interconnect
  • Special focus on replay attacks over vulnerable interfaces N2 and N3
  • Securing IoT service platforms and applications (northbound APIs)
Module 5: Red team and practical attacks on 5G networks
  • Intrusion to 5G core network via a multitude of attack vectors
  • Conducting slice attacks to exploit cross-slice vulnerabilities
  • Hijacking the 5G core by deploying rogue network functions
  • Playing the man-in-the-middle to exfiltrate data and DoS the network
  • Disrupting services to UEs, NFs, and connected services
  • Conducting lateral movement in a multi-slice containerized 5G core network
  • Gaining reverse shell access to 5G core over hidden backdoors
Module 6: Blue team and defending 5G networks
  • Enforce network slice isolation policies and access control methods
  • Network traffic monitoring and suspicious traffic patterns in the core
  • Mutual authentication and encryption for secure communication between NFs
  • Block unauthorized API requests between NFs by configuring API gateways
  • Hardening core NFs with security policies, encryption, & access controls
  • Rate limiting and filtering on critical interfaces to mitigate DoS attacks
  • Applying zero trust principles in 5G network design and operations

Key Learning Objectives

  1. Gain deep expertise in 5G core security and protocols to perform effective penetration testing and safeguard networks.

  2. Master practical skills in 5G pen-testing tools and techniques for vulnerability assessments, exploit development and defenses.

  3. Understand 5G security challenges and best practices, including network slicing and NFV security, to protect 5G networks.

Who Should Attend?

This course is ideal for wireless and mobile network security architects, telecom engineers, security researchers/practitioners, and anyone interested in understanding 5G security aspects, new security improvements, and how they contribute to building secure next-generation networks.

Prerequisite Knowledge

  • Good understanding of wireless communications and/or security is recommended
  • Knowledge of basic concepts in telecom technologies like 2/3/4/5G systems, containers, and APIs
  • Usage of Wireshark and one or more programming/scripting languages

Hardware Requirements

A laptop with at least an i5, 16 GB configuration or similar and 100 GB of free space. Linux/Ubuntu as the host OS, with support for running VirtualBox, Docker and Kubernetes.

Bio

Dr. Altaf Shaik, Fast IOT

Dr. Altaf Shaik is a senior researcher at the Technische Universität Berlin in Germany and conducts advanced research in telecommunications, especially in 6G security architecture, Open RAN, and 5G radio access and core network security. He has more than 11 years of experience in telecom security and combines a professional background in embedded programming, wireless communications, and offensive network security.

Dr. Shaik spent his career as a security engineer and expert at various leading telecommunication companies including Gemalto (currently Thales), Deutsche Telekom (Germany), and Huawei Technologies (Sweden). His PhD research assisted in improving the 3GPP 4G security standards and also exposed several vulnerabilities in commercial mobile networks affecting millions of base stations, networks, and handsets worldwide. His post-doctoral research exposed vulnerable API designs in the latest 5G networks and slicing vulnerabilities in the 5G security specifications that lead to serious attacks.

Dr. Shaik is a frequent speaker and trainer at various prestigious international security conferences such as Blackhat, T2, SECT, Nullcon, Hardware.io, HITB, 44CON, and many others. His accomplishments landed him in the hall of fame of organizations like Google, Qualcomm, Huawei, and GSMA. He is also the founder of Kaitiaki labs and FastIoT, which train various companies and governmental organizations internationally in exploit development and in building secure mobile and IoT networks, including their testing and security assessment.
