DeepSec 2024 Training: Attacking and Defending Private 5G Cores – Altaf Shaik
Security is paramount in private 5G networks because of their tailored nature for enterprises. They handle sensitive data, connect mission-critical devices, and are integral to operations. This advanced 5G Core Security Training is a comprehensive program designed to equip security professionals with advanced skills and techniques to identify and mitigate potential security threats in private 5G networks. Participants will gain a deep understanding of 5G core security and protocols, and learn how to develop and use the latest 5G pen testing tools and techniques to perform vulnerability assessments and exploit development. The training will also cover the latest 5G security challenges and best practices, and provide participants with hands-on experience in simulating original attacks and defenses on a local zero-RF-transmitting 5G network.
We asked Altaf a few more questions about his training.
Please tell us the top 5 facts about your training.
- Comprehensive Coverage: covers a wide range of topics, including 5G network architecture,
security features, threat modeling, risk assessment, defense-in-depth strategies. - Practical Application: Participants will engage in hands-on exercises, simulations, and practical
demonstrations to mirror real-world 5G security challenges. - Ethically Controlled Environment: All practical exercises are conducted in a controlled test
environment using ethical hacking tools and techniques. - Focus on Emerging Threats: The training addresses new attack vectors such as vulnerabilities in
network slicing, rogue network functions, and container breakouts. - Advanced Techniques: Participants will learn advanced topics like fuzzing the service-based and
Telecom APIs to identify and mitigate potential vulnerabilities.
How did you come up with it? Was there something like an initial spark that set your mind on creating this training?
The initial spark came from observing the increasing adoption of private 5G networks across various industries and recognizing the significant security challenges they face. A lack of expertise in securing these networks underscored the importance of specialized training. The goal was to bridge this gap by providing a comprehensive, hands-on training program that equips professionals with the necessary skills to defend 5G core networks.
Why do you think this is an important topic?
As industries increasingly adopt 5G technology for mission-critical systems and sensitive data transmission, the security of these networks becomes paramount. Given the evolving cyber threats, there is a pressing need for professionals who are skilled in securing 5G core networks. This training effectively addresses a critical knowledge gap and prepares participants to safeguard these networks, ensuring their availability, integrity, and confidentiality.
Is there something you want everybody to know – some good advice for our readers, maybe?
Stay curious and continuously update your knowledge. The field of cybersecurity is ever-evolving, and staying ahead of the curve requires a commitment to learning and adapting. Embrace practical, hands-on experience and always be prepared to think like an attacker to better defend your networks.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your training in particular?
The next innovations in 5G security will probably focus on AI-driven threat detection and response mechanisms, which can provide real-time insights and automated defenses against sophisticated attacks. However, the increasing complexity of 5G networks may also introduce new vulnerabilities, particularly with integrating IoT devices and network slicing. Continuous vigilance and adaptation will be essential to mitigate these risks and maintain secure 5G environments.
Dr. Altaf Shaik is a senior researcher at the Technische Universität Berlin in Germany, and conducts advanced research in telecommunications esp. in 6G security architecture, openRAN, and 5G radio access and core network security. He holds over 11 years of experience in Telecom security and combines a professional background in embedded programming, wireless communications, and offensive network security. Dr. Shaik spent his career as a security engineer and expert at various leading telecommunication companies, including Gemalto (currently Thales), Deutsche Telekom (Germany), and Huawei Technologies (Sweden). His PhD research help improve the 3GPP 4G security standards and also exposed several vulnerabilities in commercial mobile networks affecting millions of base stations, networks, and handsets worldwide. His post-doctoral research exposed vulnerable API designs in the latest 5G networks and slicing vulnerabilities in the 5G security specifications leading to serious attacks. Dr. Shaik is a frequent speaker at various prestigious international security conferences such as Blackhat USA & Europe, T2, SECT, Nullcon, Hardware.io and HITB, and many others. His accomplishments landed him in the hall of fame of organizations like Google, Qualcomm, Huawei, and GSMA. He is also the founder of Kaitiaki labs and FastIoT that trains internationally various companies and governmental organizations in exploit development and also building secure mobile and IoT networks, including their testing and security assessment.