Click here to register.




13-14 June 2018


15 Seats


2300$ CAD before May 1,
2700$ CAD after.

Learn about contemporary telecom and mobile system reverse engineering within the context of Telecom and Mobile Network operators and how to attack core telecom infrastructure (Core Network, Services, Mobile Apps, Handset platforms, IoT platforms). We will see from the mobile handset (Android, apps, platform) to the operator Core Network how these technologies meshed together and how to make sense of their protocols and applications.

Day 1: Operator infrastructure attack surface, Reverse engineering tools and Network element vulnerability research.

  • The training will show the various attack surfaces for these networks and show the impact of vulnerabilities for each network element.
  • The training will show how to apply and used common reverse engineering tools on telecom and mobile systems.
  • Huawei MGW8900 Core Network Element (legacy, monolithic, VxWorks + FPGA) description, analysis and reverse engineering.
  • Huawei HSS / MSC Core Network Element (ATCA, recent, Linux + FPGA) description, analysis and reverse engineering.
  • ZTE Core Network Element (ATCA, recent, Linux) description, analysis and reverse engineering.

Day 2: Mobile (in)security, Subscriber applications reverse engineering and Network protocols analysis.

  • Android platform (Android + Proprietary extensions). We will look into Android applications and platform specifics binaries to find access point to the core network.
  • Mobile phone usage of the network and applications (CS, USSD, SMS, Packet Switched/Data, VAS).
  • We will look into the protocols used by the mobile, analyzing them and detailing where security problems can appear.
  • We will dig into Core Network protocols, reverse engineer some specified and some proprietary telecom Core Network protocols.
  • Access network protocols analysis. We will look into the network protocols that are used by the mobile handsets toward the mobile network.
  • Cisco ASR5x00 Network Element description, analysis and reverse engineering.

Attendees Will Receive

Training material: Protected copy of the slides used by the presenter.



  • Basic knowledge of telecom & network principles: what is 2G, 3G, 4G; OSI network layers.
  • Basic knowledge and usage of Wireshark.
  • Basic skills and usage of Linux for reverse engineering (knowledge of tools in a Backtrack/Kali for reverse engineering is a plus).
  • Basic skills in Python programming

Minimum Software to install:

  • Laptop with Linux installed either in a VM or native, Backtrack/Kali recommended.
  • optional: Disassembler such as Hopper/Radare2/IDA Pro
  • Mobile phone (Android recommended) and working SIM card with sufficient credit for voice, SMS and data (roaming working and tested is a plus).
  • Additional SIM cards optional.
  • Know how to to tethering for your laptop through your mobile phone


P1 Security has a recognized leadership in Telecom and Mobile Security, based on innovative products & cutting edge expertise.

P1 Security has developped a telecom-specific vulnerability scanner, used to scan Access & Core Network Elements for SS7/SIGTRAN & LTE/Diameter protocols, a telecom-specific IDS and monitoring system, a telecom protocols fuzzer, used to test the robustness of specific Network Elements and an up-to-date database in Telecom vulnerabilities & threat information.

P1 Labs, R&D branch of P1 Security, is leading the SS7map project (, bound to investigate SS7 risks of network infrastructure’s exposure and subscribers’ privacy leaks.

P1 Security team includes former experts of telecom operators and security companies as well as renowned security researchers who regularly present unique P1 Security research at leading international security conferences.

P1 Security is a Vendor independent, neutral Company with established references in Europe, Americas, Africa, Middle East, Pacific and Asia.


Click here to register.