Length: 3 Days
Print Friendly, PDF & Email

5G Penetration Testing and Ethical Hacking Preparation Training

5G Penetration testing is a critical part of maintaining and fortifying your IP, network and physical security.

Penetration testing involves giving professional pen testers (like ethical hackers) permission to hack, test, and identify potential vulnerabilities in existing and new systems, networks and apps, to secure against unauthorized access by malicious actors.

Penetration testing has been around since the ‘90s but has changed significantly over the years. The practical value of attack simulation hasn’t gone away, but deficiencies in the way these programs are deployed have caused many security leaders to view penetration tests as essential to protect organizations from game ending cyber risks.

Cybersecurity professionals recommend organizations perform a penetration test if they suspect new IT security threats or whenever an office or network is relocated or moved to a fully remote work environment.

A penetration test is also recommended when a new internal data storage site is set up or relocated or when a new end-user policy or program is set up.

Of course a penetration test should be done if an organization was recently attacked through adware or ransomwares in order to locate cyber vulnerabilities.

Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.

Also known as “white hats,” ethical hackers are security experts that perform these assessments. The proactive work they do helps to improve an organization’s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is opposite from malicious hacking.

Ethical hackers often discover cybersecurity vulnerabilities that can help an organization shore up their cybersecurity plans and strategies.

Commonly discovered cyber risks by ethical hackers include:

  • Injection attacks
  • Broken authentication
  • Security misconfigurations
  • Use of components with known vulnerabilities
  • Sensitive data exposure

After the testing period, ethical hackers prepare a detailed report. This documentation includes steps to compromise the discovered vulnerabilities and steps to patch or mitigate them.

Even though authorized by an organization, ethical hackers still need to follow certain protocols such as staying legal by obtaining proper approval before accessing and performing a security assessment.

5G Penetration Testing and Ethical Hacking Preparation Training Course by Tonex

This Training course prepares participants to conduct successful 5G penetration testing and ethical hacking. Participants will learn about tools and techniques to analyze 5G vulnerabilities, how to perform detailed 5G reconnaissance. ENISA’s threat landscape for 5G Networks and NIST 5G cybersecurity/RMF prepares you with a secure evolution to 5G. This project-based workshop style 5G cybersecurity training will identify several 5G use case (network slices) scenarios and demonstrate for each one how to strengthen the 5G architecture components to mitigate identified risks and meet cybersecurity compliance requirements.

Who Should Attend This Training?

  • Cybersecurity consultants
  • Security professionals
  • Red Team members
  • Blue Team members
  • Forensics specialists
  • Penetration testers
  • Security analysts

Below are characteristics of these use cases:

5G Enhanced Mobile Broadband (eMBB) brings the promise of high speed and dense broadband to the subscriber. With gigabit speeds, 5G provides an alternative to traditional fixed line services. Fixed wireless access based on mmWave radio technologies enables the density to support high bandwidth services such as video over a 5G wireless connection. To support eMBB use cases, the mobile core must support the performance density and scalability required.

Ultra-reliable low latency Communications (Robotics, Factory Automation): Ultra-Reliable Low Latency Communications (URLLC) focuses on mission critical services such as augment and virtual reality, tele-surgery and healthcare, intelligent transportation, autonomous driving and industry automation. Traditionally over a wired connection, 5G offers a wireless equivalent to these extremely sensitive use cases. URLLC often requires the mobile core User Plane Function (UPF) to be located geographically closer to then end user in a Control and User plane Separation (CUPS) architecture to achieve the latency requirements.

Massive IoT: Massive IoT in 5G addresses the need to support billions of connections with a range of different services. IoT services range from devices sensors requiring relatively low bandwidth to connected cars which require a similar service to a mobile handset. Network slicing provides a way for service providers to enable Network as a Service (NaaS) to enterprises; giving them the flexibility to manage their own devices and services on the 5G network.

Key Objectives & Gained Skill:

The goal of this practical course is to give the participant a strong and intuitive understanding of what cybersecurity in the 5G systems is and how the security functions are implemented in the 5G, 5G NR, Cloud RAN, MEC, 5GC, Service Based Architecture (SBA), HTTP2/JSON, REST API, and network slices.

Course Topics and Modules

Introduction to 5G Networks and Systems

  • 5G 101
  • 3GPP 5G-NR
  • Principles of mmWave
  • 5G Communications Overview
  • Channels and Carriers
  • 5G Access Techniques
  • 5G Services
  • 5G NR  Standalone (NSA)
  • 5G NR  Non-Standalone (SA)

5G Network and System Architecture

  • 5G Architectural Components
  • 5G system performance
  • The 5G System Survey
  • Principles of 5G Core (5GC)
  • Service-Based Architecture (SBA)
  • Network Slicing
  • NFV and SDN
  • Multi-Access Edge Computing (MEC)
  • Quick Compare: Verizon, AT&T, T-Mobile, Sprint, others

Intro to 5G Security

  • 5G Network IDs
  • 5G Security Requirements by 3GPP
  • Requirements on the UE
  • Requirements on the gNB
  • Requirements on the ng-eNB
  • Requirements on the AMF
  • Requirements on the SEAF
  • Requirements on the UDM
  • Core network security
  • Trust boundaries
  • Visibility and configurability
  • Requirements for algorithms, and algorithm selection
  • 5G Systems Attacks
  • 5G System Vulnerabilities
  • Threat Assessment
  • Attackers and Assets
  • Attack Surface
  • Attack Trees
  • Security Policy
  • Backdoors
  • Denial of Service (DOS)
  • Defensive Architectures
  • Defensive Hardware Interfaces
  • Public Key Cryptography (PKI)
  • Protecting Data In Motion
  • Secure Software Process

5G System Vulnerability Analysis

  • 5G System and Network Attacks
  • Exploiting 5G Systems and Devices
  • The Stages of System Exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Modification and Creation of new firmware
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies

Cybersecurity Attacks and Best Mitigation Practices for 5G Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Interface Analysis
  • Communications Protocols Sniffing
  • Decoding and Deciphering Captured Bits
  • Critical Data Identification and Detection
  • Component Removal and Replacement
  • Electronics and Circuit analysis
  • Security Measures

 5G Zero Trust Architecture

  • What is 5G “Zero Trust”?
  • 5G network architecture and Zero Trust
  • Zero Trust as a strategic initiative
  • Tools to prevent successful data breaches
  • Eliminating the concept of trust rooted in the principle of “never trust
  • Zero Trust to protect 5G environment
  • Leveraging 5G network segmentation
  • Preventing lateral movement
  • Providing Layer 7 5G threat prevention
  • 5G user-access control
  • Deploying 5G Zero Trust
  • Steps to Zero Trust
  • Identify the protect 5G surface
  • Map the 5G transaction flows
  • Build a Zero Trust 5G architecture
  • Create 5G Zero Trust policy
  • Monitor and maintain 5G Zero Trust environment

5G Cybersecurity Assessment 

  • Assessing cyber-related information and control systems to relevant regulations, standards and guidance
  • Gap analysis to unveil security holes
  • real-time situational awareness
  • Insider and external threat protection
  • System hardening and active defenses for comprehensive protection of 5G system 5G environment
  • 5G cybersecurity patching


  • Overview of Risk Management Framework (RMF)
  • RMF as a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored
  • RMF and National Institute of Standards and Technology (NIST) foundation for any data security strategy.
  • Evaluate 5G system security vulnerabilities
  • Key Issues
  • Embedded SIM Security
  • 5G Autonomous Driving Security Solutions
  • Critical 5G Security Controls Planning, Implementing and Auditing
  • Top 5G Mitigation Strategies Implementing and Auditing
  • Advanced 5G Security Principles
  • 5G Intrusion Detection
  • Issues with Access Network Flash Network Traffic
  • Radio interface key management
  • User plane integrity
  • Security measures
  • DOS Attacks Against Network Infrastructure
  • Overload of the signaling plane security issues
  • Bulk configuration security issues
  • 5G Security Domains
  • 5G Security Requirements from 3GPP
  • Security Enforcement Points
  • 5G Architecture (RAN, IP Core, Mobile Core, Transport, Etc.)
  • 5G Pen Test Planning
  • Inventory of potential 5G vulnerabilities
  • RMF Control Functions applied to 5G

5G Penetration Testing and Ethical Hacking Training

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.