2025-10-24 –, Europe
This talk delves into the evolving security landscape of mobile networks in 2025, using the MITRE FiGHT framework as a guiding lens for red teamers. It reviews current vulnerabilities from radio interfaces to signaling and packet networks and outlines actionable attack vectors that adversaries exploit. Participants will gain a clear understanding of how to simulate advanced threat scenarios and deploy effective red teaming techniques against modern mobile infrastructures. By mapping these vulnerabilities to the MITRE FiGHT framework, the presentation provides red teamers with a structured methodology for emulating real-world adversaries. Key techniques, tools, and simulation strategies will be discussed, equipping security professionals with actionable insights for both offensive testing and defensive improvement. This session is tailored for those seeking to advance their mobile network red teaming skills in an increasingly complex threat environment.
We begin with a review of the current state of mobile network security. Radio interfaces remain vulnerable to interception and manipulation, with techniques like rogue base stations exploiting weaknesses in protocols such as the Radio Resource Control (RRC). Signaling protocols, including SS7 and Diameter, harbor long-standing flaws that allow attackers to intercept calls, track locations, or disrupt services. Meanwhile, the packet core is increasingly IP-based and faces threats from misconfigurations, GTP protocol exploitation, and IP spoofing. While security measures like encryption, mutual authentication, and integrity protection have improved, the integration of legacy systems and the complexity of modern architectures continue to expose exploitable gaps.
As mobile networks advance towards 6G and beyond, complex integrated technologies bring new security challenges. Red teamers aiming to assess and fortify these networks must understand the difficulties of potential attack vectors. In this session I will try to cover the necessary vectors and practical case studies, such as:
Vulnerability Review and Security Posture
- 5G/LTE protocol weaknesses, from misconfigurations to design flaws
- Emerging threat vectors in signaling systems such as SS7, Diameter, and GTP
- Common pitfalls in carrier packet networks leading to data exposure or service disruption
Attack Vectors for Red Teamers
- Techniques for intercepting and manipulating radio signals (deploying rogue base stations to perform man-in-the-middle (MitM) attacks or jamming signals to disrupt connectivity).
- Advanced enumeration tactics on signaling interconnects
- Signaling Attacks: Exploiting SS7, Diameter, or GTP vulnerabilities to intercept communications, impersonate network elements, or launch denial-of-service (DoS) attacks.
- Lateral movement and persistence strategies in multi-layered carrier networks (targeting the IP infrastructure with techniques like routing manipulation, exploiting virtualized network functions, or breaching public-facing interfaces).
MITRE FiGHT Framework
- Key attacker TTPs identified in MITRE FiGHT that map to mobile threat landscapes
- Aligning red team exercises with these TTPs for better operational realism
- Recommended detection and mitigation strategies to bolster blue team defenses
Ali is a cybersecurity researcher with over a decade of experience in tech fields. He is currently the application and offensive security manager at Canon EMEA. Ali is a regular speaker or trainer at industry conferences and events such as Confidence Conf 2020, Hack In The Box 2023 AMS, DefCon 3x, IEEE AI-ML-Workshop-2021, SSD TyphoonCon 2x, c0c0n, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, LeHack2022, NoNameCon, YASCon, COUNTERMEASURE Conference, DragonCon, COSAC 2022, Hacktivity, DefCon Holland, etc.
Moreover, he was a trainer at OWASP Summer of Security 2020 and 2021 July training and a reviewer for Springer Cluster Computing Journal/Elsevier and the 2021 Global AppSec U.S. event. Ali is a Microsoft MVP and has published a book, along with several papers and blog posts.