c0c0n @2025 | Hacking & Cyber Security Briefing

WORKSHOP OBJECTIVE

The Telecom Security Training course aims to equip participants with a comprehensive understanding of 5G network security, covering core network threats, RAN security, penetration testing, and advanced exploitation techniques. Through a mix of theory and hands-on training, attendees will explore 3GPP standards, O-RAN architectures, vulnerability assessments, attack surface mapping, and modern security frameworks like MITRE ATTA&CK and FiGHT. By engaging in real-world security scenarios, and exploit research in a controlled environment, participants will develop practical skills in reconnaissance, network enumeration, API security, authentication attacks, and protocol fuzzing—ultimately preparing them to identify, mitigate, and respond to security risks in telecom infrastructures.

PRE-REQUISITE

Basic Knowledge of IT Security
Beginner Level Python skills
Basics of Linux

PARTICIPANT'S REQUIREMENTS

Laptop with basic configuration (8gb ram)
Internet connection
Ubuntu 20.01 or 21.01 or Debian 10 (mandatory installed not virtual box or vmware) or latest version

WHO SHOULD ATTEND

ECE students, M.Tech Students and Phd students,Faculties.,IT Employees working in network and telecom domain

WHAT TO EXPECT

Participants who complete this workshop will gain hands-on expertise in telecom security assessment, penetration testing, and threat mitigation for 5G networks, core security, and RAN infrastructure.

WHAT NOT TO EXPECT

Becoming an expert in telecom pentesting

DURATION

Duration: 3 days (6-8) Hrs

COURSE CONTENT

xG of Telecom: Evolution from 2G to 5G and beyond
4G vs. 5G Core Differences: Key differences in architecture and security
5G Deployment Modes: NSA vs. SA deployment models
3GPP & O-RAN Specifications: Overview of industry standards and compliance.
xHauling in Telecom Networks: Analyzing fronthaul, midhaul, and backhaul security.
Threat Modelling & Risk Assessment
MITRE ATT&CK Framework & MITRE FiGHT Strategy: Security frameworks for telecom
Twin Circle Approach for Modern Telco Security: Advanced risk assessment methodologies
Security Architecture & Requirements
RAN (Radio Access Network) Security: Addressing threats in RAN infrastructure.
Edge Security: Protecting gNB and edge computing environments
Core Network Security: Strategies for securing the telecom core
3GPP & O-RAN Security Standard
Standardization & Compliance: Understanding security compliance requirements
3GPP & O-RAN Security Guidelines: Best practices for network security.
Key Working Groups: Focus on 3GPP SA3 (33.xxx series) and related standards

Trainer

Samarth Bhaskar Bhat

Technical Director, REINFOSEC

Day wise Training Plan

DAY 1 - Foundational & Practical Training
- Theory & Fundamental
  - 5G Network Architecture Overview
  - Deep Dive into TS 33.117
  - Telecom Network Architectures & Protocols
  - Key RAN Components & interfaces
  - Lab Setup & Hands-on Explanation
- RAN Security & Penetration Testing
  - Scanning Techniques
  - Mass Scanning
  - Passive Reconnaissance
  - UE Environment Mapping
  - Tools: nmap, massscaner,zenmap
  - Network Topology Discovery
- RAN Security Assessment (Grey &white box)
  - Grey Box Testing
  - Exploiting Public CVEs & Known Vulnerabilities
  - Hard Testing Against Exposed Attack Surfaces
  - Comprehensive Enumeration & Analysis
  - Attack Surface Mapping:
  - Vulnerability Discovery
  - Exploiting UE & gNB Vulnerabilities
DAY 2Advanced Security & Exploitation (White Box Testing)
- Model-Based Security Testing Core Network Attacks - Understanding Threat Vectors: Identifying threats in the core network.
  - Service-Based Architecture (SBA) Risks: Examining weaknesses in mod telecom architecture.
  - Configuration Manipulation & Password Attacks in CN: Exploiting weak configurations
- Hands-on Security Testing
  - Intercepting Packets in CN: Analyzing network traffic for vulnerabilities.
  - HTTP/2 Traffic Analysis & API Endpoint Targeting: Finding security flaws in communications
  - Reverse Engineering HTTP/2 Transactions: Identifying weak implementation
  - Blue CN Model (Intentionally Vulnerable CN for Exploit Research): Safe environment for testing exploits
  - Understanding OAS (Open API Security): Examining telecom API security mechanisms
- CN Side Testing & Exploitation
  - Discovery & Initial Recon: Identifying core network vulnerabilities
  - Scanning Techniques for Weakness Identification: Using specialized tools flaws
  - Enumeration for Exploitable Services: Mapping out vulnerable services.
DAY 3
- JWT-based Exploit Scenarios: Attacks leveraging JWT vulnerabilities
- HTTP/2 Injection (Downgrading of HTTP): Exploiting HTTP/2 weaknesses
- Advanced Telecom Attacks
  - SMF (Session Management Function) Attack Scenarios: Exploiting session management vulnerabilities
  - AMF (Access & Mobility Function) Authentication Attacks: Unauthorized and authentication bypass
  - TCP Flooding for Session Disruption: Conducting denial-of-service attacks
  - Unauthorized Authentication Exploits: Gaining access through misconfigurations.

Case Studies & Group Exercise

Real-world telecom breach analysis and incident response strategies
Simulation exercise: Conducting a full incident response and forensic analysis within a telecom environment
Session Hijacking & DoS Flooding: Interfering with active network session
Fuzzing (Second-Layer Security Testing): Advanced testing techniques for protocol security
Additional Topics Covered Core Concepts & Introduction
Current Core Evolution: Understanding the transition from traditional co API-driven core networks
AI Integration in Core: Exploring AI-based security mechanisms for privat networks

INDUSTRY CONFERENCE ALLIES

Contact Us

Samarth Bhaskar Bhat

Technical Director

REINFOSEC

Security Architect
Over six years of experience in Information Security, design and development of Application Software.
Audited 50+ business Web-Applications in the areas of Banking, Finance, Insurance, Trading and eCommerce.
Conducted security audit of Payment Gateway.
Expertise in handling various Application security Assessments, Penetration Tests and Vulnerability Assessment
Good work exposure on implementation of SOC (Security Operation Centre) and Data Loss Prevention
Proficient in understanding application level vulnerabilities like XSS, SQL injection, response splitting attacks, session hijacking, authorization bypass, weak cryptography, authentication flaws & design level vulnerabilities along with the defence mechanisms.
Expert in web security testing tools like Proxy Editors, Network Sniffing tools, Web Vulnerability scanners, flash de-compilers.
Well versed with OWASP Top 10
Proficiency in creating Threat profile for different types of applications
Knowledge of different phases, methodologies, concepts and procedures involved in the PT/VA.
Good understanding of vulnerability scanners like Nessus, QualysGuard, Rapid7 and Symantec CCSVM.
Expertise in implementation and configuration disk encryption and email encryption (PGP)
Sound knowledge on remediation process for the vulnerabilities identified during the assessment
Proficient in Information security reporting for executive management
Trained in secure code review of .NET applications.
Trained in web services testing methodology.
Sound knowledge of T-SQL, Crystal Reports, VBA, C# (Winforms), Visual Basic.NET
Expertise in database programming
Experienced with exposure and experience in understanding, reversing and fuzzing wireless protocols in the RF-Layer of systems.
Experienced in reversing hardware protocols and implementing hardware attacks and threat-modelling of Wireless and Signals Systems. Have previous exposure and experience in Signal Design and Offensive Signal Tactics. Presently working on application of EW and SIGINT techniques in the Aerospace and Defence domain. Personal projects include machine learning and deep learning methods of recognition and deepfaking signals that can cause signal cant impact on the physical domain/layer of systems and OpenWRT for mesh networking.
Signal Detection meta information extraction of signals using Commercially available SDR platforms.
Protocol decomposition of signal of interest.
Baseline formulation of minimum jamming requirements for RADAR and datalink.
Utilization of SDR for SIGINT and ELINT in drones.
Proof of Concept development of DRFM systems using commercially available SDR.
Telecom signal (LTE) reconnaissance using commercially available SDR
Radio Direction Finding (RDF) and aggregation using commercially avaialble SDR.
Establishment of CEMA guidelines for EW and Cross layer protocol research.
Bechmarking of default DSP algorithms in GP-CPU's using python (adopted from BDTI guidelines)
Network metrics computation of IQ data transfer metrics on mesh networks for SIGINT and ELINT operations.
Wideband FHSS interception techniques using aliasing and FFT shot detection.
Development of PoC of Automatic Modulation Recognition techniques using function models in python.
3D cyclostationary analysis of signals for operator visulalization.
IQ signal generator and interference generator using SDR for RDF testing.
Information security baseline for CEMA and ELINT operations

Contact Info

Social Links

WS-06

Mastering Telecom Security: A Hands-on Guide to RAN & Core Network Protection

07-09 October, 2025

WORKSHOP OBJECTIVE

PRE-REQUISITE

PARTICIPANT'S REQUIREMENTS

WHO SHOULD ATTEND

WHAT TO EXPECT

WHAT NOT TO EXPECT

DURATION

COURSE CONTENT

Trainer

Day wise Training Plan

Case Studies & Group Exercise

Workshops

COMMUNITY PARTNERS

INDUSTRY CONFERENCE ALLIES

Contact Us

Samarth Bhaskar Bhat