Length: 3 Days

5G Penetration Testing and Ethical Hacking Preparation Training

5G Penetration testing is a critical part of maintaining and fortifying your IP, network and physical security.

Penetration testing involves giving professional pen testers (like ethical hackers) permission to hack, test, and identify potential vulnerabilities in existing and new systems, networks and apps, to secure against unauthorized access by malicious actors.

Penetration testing has been around since the ‘90s but has changed significantly over the years. The practical value of attack simulation hasn’t gone away, but deficiencies in the way these programs are deployed have caused many security leaders to view penetration tests as essential to protect organizations from game-ending cyber risks.

Cybersecurity professionals recommend organizations perform a penetration test if they suspect new IT security threats or whenever an office or network is relocated or moved to a fully remote work environment.

A penetration test is also recommended when a new internal data storage site is set up or relocated or when a new end-user policy or program is set up.

Of course, a penetration test should also be done if an organization was recently attacked through adware or ransomware, in order to locate cyber vulnerabilities.

Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.

Also known as “white hats,” ethical hackers are security experts who perform these assessments. The proactive work they do helps to improve an organization’s security posture. Because it is carried out with prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

Ethical hackers often discover cybersecurity vulnerabilities, and these findings can help an organization shore up its cybersecurity plans and strategies.

Cyber risks commonly discovered by ethical hackers include:

  • Injection attacks
  • Broken authentication
  • Security misconfigurations
  • Use of components with known vulnerabilities
  • Sensitive data exposure

After the testing period, ethical hackers prepare a detailed report. This documentation includes steps to compromise the discovered vulnerabilities and steps to patch or mitigate them.

Even though authorized by an organization, ethical hackers still need to follow certain protocols such as staying legal by obtaining proper approval before accessing and performing a security assessment.

5G Penetration Testing and Ethical Hacking Preparation Training Course by Tonex

This training course prepares participants to conduct successful 5G penetration testing and ethical hacking. Participants will learn about tools and techniques to analyze 5G vulnerabilities and how to perform detailed 5G reconnaissance. ENISA’s threat landscape for 5G Networks and NIST 5G cybersecurity/RMF prepare you for a secure evolution to 5G. This project-based, workshop-style 5G cybersecurity training will identify several 5G use case (network slice) scenarios and demonstrate for each one how to strengthen the 5G architecture components to mitigate identified risks and meet cybersecurity compliance requirements.

Who Should Attend This Training?

  • Cybersecurity consultants
  • Security professionals
  • Red Team members
  • Blue Team members
  • Forensics specialists
  • Penetration testers
  • Security analysts

Below are characteristics of these use cases:

5G Enhanced Mobile Broadband (eMBB) brings the promise of high speed and dense broadband to the subscriber. With gigabit speeds, 5G provides an alternative to traditional fixed line services. Fixed wireless access based on mmWave radio technologies enables the density to support high bandwidth services such as video over a 5G wireless connection. To support eMBB use cases, the mobile core must support the performance density and scalability required.

Ultra-Reliable Low Latency Communications (Robotics, Factory Automation): Ultra-Reliable Low Latency Communications (URLLC) focuses on mission-critical services such as augmented and virtual reality, tele-surgery and healthcare, intelligent transportation, autonomous driving and industry automation. These services have traditionally run over a wired connection; 5G offers a wireless equivalent for these extremely sensitive use cases. URLLC often requires the mobile core User Plane Function (UPF) to be located geographically closer to the end user in a Control and User Plane Separation (CUPS) architecture to achieve the latency requirements.

Massive IoT: Massive IoT in 5G addresses the need to support billions of connections with a range of different services. IoT services range from device sensors requiring relatively low bandwidth to connected cars, which require a service similar to that of a mobile handset. Network slicing provides a way for service providers to offer Network as a Service (NaaS) to enterprises, giving them the flexibility to manage their own devices and services on the 5G network.

Key Objectives & Gained Skill:

The goal of this practical course is to give the participant a strong and intuitive understanding of what cybersecurity in 5G systems is and how the security functions are implemented in 5G, 5G NR, Cloud RAN, MEC, 5GC, Service Based Architecture (SBA), HTTP2/JSON, REST API, and network slices.

Course Topics and Modules

Introduction to 5G Networks and Systems

  • 5G 101
  • 3GPP 5G-NR
  • Principles of mmWave
  • 5G Communications Overview
  • Channels and Carriers
  • 5G Access Techniques
  • 5G Services
  • 5G NR Standalone (SA)
  • 5G NR Non-Standalone (NSA)

5G Network and System Architecture

  • 5G Architectural Components
  • 5G system performance
  • The 5G System Survey
  • Principles of 5G Core (5GC)
  • Service-Based Architecture (SBA)
  • Network Slicing
  • NFV and SDN
  • Multi-Access Edge Computing (MEC)
  • Quick Compare: Verizon, AT&T, T-Mobile, Sprint, others

Intro to 5G Security

  • 5G Network IDs
  • 5G Security Requirements by 3GPP
  • Requirements on the UE
  • Requirements on the gNB
  • Requirements on the ng-eNB
  • Requirements on the AMF
  • Requirements on the SEAF
  • Requirements on the UDM
  • Core network security
  • Trust boundaries
  • Visibility and configurability
  • Requirements for algorithms, and algorithm selection
  • 5G Systems Attacks
  • 5G System Vulnerabilities
  • Threat Assessment
  • Attackers and Assets
  • Attack Surface
  • Attack Trees
  • Security Policy
  • Backdoors
  • Denial of Service (DOS)
  • Defensive Architectures
  • Defensive Hardware Interfaces
  • Public Key Cryptography (PKI)
  • Protecting Data In Motion
  • Secure Software Process

5G System Vulnerability Analysis

  • 5G System and Network Attacks
  • Exploiting 5G Systems and Devices
  • The Stages of System Exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Modification and Creation of new firmware
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies

Cybersecurity Attacks and Best Mitigation Practices for 5G Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Interface Analysis
  • Communications Protocols Sniffing
  • Decoding and Deciphering Captured Bits
  • Critical Data Identification and Detection
  • Component Removal and Replacement
  • Electronics and Circuit analysis
  • Security Measures

5G Zero Trust Architecture

  • What is 5G “Zero Trust”?
  • 5G network architecture and Zero Trust
  • Zero Trust as a strategic initiative
  • Tools to prevent successful data breaches
  • Eliminating the concept of trust rooted in the principle of “never trust
  • Zero Trust to protect 5G environment
  • Leveraging 5G network segmentation
  • Preventing lateral movement
  • Providing Layer 7 5G threat prevention
  • 5G user-access control
  • Deploying 5G Zero Trust
  • Steps to Zero Trust
  • Identify the 5G protect surface
  • Map the 5G transaction flows
  • Build a Zero Trust 5G architecture
  • Create 5G Zero Trust policy
  • Monitor and maintain 5G Zero Trust environment

5G Cybersecurity Assessment 

  • Assessing cyber-related information and control systems against relevant regulations, standards and guidance
  • Gap analysis to unveil security holes
  • Real-time situational awareness
  • Insider and external threat protection
  • System hardening and active defenses for comprehensive protection of the 5G system and 5G environment
  • 5G cybersecurity patching

Optional Workshop 1: Applying RMF to 5G Cybersecurity

  • Overview of Risk Management Framework (RMF)
  • RMF as a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored
  • RMF and National Institute of Standards and Technology (NIST) foundation for any data security strategy.
  • Evaluate 5G system security vulnerabilities
  • Embedded SIM Security
  • 5G Autonomous Driving Security Solutions
  • Critical 5G Security Controls Planning, Implementing and Auditing
  • Top 5G Mitigation Strategies Implementing and Auditing
  • Advanced 5G Security Principles
  • 5G Intrusion Detection
  • Issues with Access Network Flash Network Traffic
  • Radio interface key management
  • User plane integrity
  • Security measures
  • DOS Attacks Against Network Infrastructure
  • Overload of the signaling plane security issues
  • Bulk configuration security issues
  • 5G Security Domains
  • 5G Security Requirements from 3GPP
  • Security Enforcement Points
  • 5G Architecture (RAN, IP Core, Mobile Core, Transport, Etc.)
  • 5G Pen Test Planning
  • Inventory of potential 5G vulnerabilities
  • RMF Control Functions applied to 5G

Optional Workshop 2

  • 5G Red Team vs Blue Team activities
  • 5G offensive security and ways to defend against and respond to the red team attack
  • Incident responders to identify, assess and respond to the 5G RAN and Core network intrusion
  • 5G Red team/blue team simulations
  • Tools to exploit common 5G vulnerabilities
  • Identify points of vulnerability as it relates to 5G technologies and systems
  • Determine areas of improvement in defensive incident response processes across every phase of the 5G kill chain
  • Develop response and remediation activities to return the 5G network to a normal operating state
  • Identify and exploit potential 5G weaknesses within the 5G cyber defenses using sophisticated attack techniques.
  • Learn how to prepare your 5G cybersecurity team to defend against targeted mission critical and IoT attacks
  • Identify misconfigurations and coverage gaps in existing 5G or 4G security elements
  • Strengthen 5G network security to detect targeted attacks and improve breakout time
  • 5G “purple team” work to improve 5G’s overall security
  • Threat actor tactics, techniques and procedures (TTPs) and the attack tools and frameworks in 5G
  • Known spear-phishing tactics and social engineering techniques to obtain credentials and access 5G systems

Practical Workshops for Blue Team (Day 3 Morning)

  • Applying RMF to 5G Cybersecurity Protection
  • 5G Blue Team activities
  • 5G Cybersecurity Testing and Evaluation
  • Characterize Cyber Attack Surface
  • Understand 5G Cybersecurity Requirements
  • Identifies any/all known vulnerabilities present in 5G systems
  • Reveals systemic weaknesses in 5G security programs
  • Focused on adequacy & implementation of technical security controls and attributes
  • Multiple methods: hands-on testing, interviewing personnel, or examination of relevant artifacts
  • Feedback to developers and system administrators for system remediation and mitigation
  • Conducted with full knowledge and cooperation of systems administrators

Practical Workshops for Red Team (Day 3 Morning):

  • 5G Red Team activities
  • Exploit one or more known or suspected 5G weaknesses
  • Attention on specific problem or attack vector
  • Develops an understanding of inherent weaknesses of 5G networks and systems
  • Conducted covertly with minimal staff knowledge
  • 5G Radio Hacking Practices and Trial with HackRF and Spectrum Analyzer
  • 5G SIGINT
  • Jamming 5G Radio
