Security
Training
Red Team Workshops & Adversarial Signaling Labs
Adversarial simulation and defensive signaling workshops designed for red teams and high-tier researchers. Delivered by active telecom security professionals against real protocol stacks.
// BOOK WORKSHOP
Schedule a discovery call for custom on-site delivery.
BOOK NOW [→]The transition from legacy signaling (SS7) to cloud-native, Service-Based Architectures (5G SBA) requires a paradigm shift in security thinking. Our training modules are designed to bridge this gap, taking security engineers from standard IP-based attacks to complex telecom-specific exploitation.
All modules are delivered by active telecom security researchers and include heavily simulated, hands-on lab environments where students execute attacks against actual protocol stacks — simulating inter-carrier roaming links, GTP core networks, and baseband-to-gNodeB radio links.
5G Core & SBA Exploitation
Deep dive into the 5G Service-Based Architecture, focusing on cloud-native vulnerabilities, HTTP/2 manipulation, and API security across network functions.
- ► AMF & UPF threat modeling
- ► SBI API fuzzing & abuse
- ► Container breakout in vRAN/5GC
- ► SEPP bypass techniques
Legacy Signaling (SS7/Diameter)
Essential knowledge connecting the historical flaws of telecom to modern interconnects, critical for understanding roaming and fallback attacks.
- ► SS7 location tracking & interception
- ► Diameter billing fraud
- ► MAP/CAMEL abuse
- ► Signaling firewall evasion
Radio Access Network (RAN) Security
Focuses on the air interface, baseband operations, and physical layer attacks. Requires foundational SDR knowledge.
- ► Rogue Base Stations (IMSI Catchers)
- ► NAS/RRC message manipulation
- ► A5/x & SNOW 3G downgrade attacks
- ► O-RAN Fronthaul interception
Hardware & Baseband Analysis
Advanced reverse engineering of cellular modems, focused on finding 0-days in the modem RTOS.
- ► Firmware extraction & decryption
- ► Baseband fuzzing (Over-the-Air)
- ► Qualcomm/Exynos memory corruption
- ► SIM/eSIM Applet exploitation
PHASED SKILL DEVELOPMENT — Enterprise security teams follow a structured progression from fundamentals to advanced research capability.
Cellular architecture, protocol stack overview, and core attack surface mapping.
Hands-on SS7, Diameter, and GTP-C attack simulation against real-world roaming stacks.
Air interface attacks using software-defined radio: IMSI catchers, downgrade, jamming.
Independent research track with access to TelcoSec Labs and private researcher network.
Cellular architecture, protocol stack overview, and core attack surface mapping.
Hands-on SS7, Diameter, and GTP-C attack simulation against real-world roaming stacks.
Air interface attacks using software-defined radio: IMSI catchers, downgrade, jamming.
Independent research track with access to TelcoSec Labs and private researcher network.
READY TO HARDEN YOUR SIGNALING?
Custom on-site workshops and dedicated lab infrastructure build-outs are available for qualified organizations. Register on our platform to begin.