A Steering of Roaming (SoR) solution in the telecom world is a component used by mobile network operators to manage which networks their subscribers connect to when roaming in other countries. While fuzzing a globally used SoR component, we discovered a remote code execution vulnerability that could be exploited from the position of other telecom operators. In this talk we want to take you with us on the journey from fuzzing setup to crash discovery, initial exploitation all the way to overcoming the network isolation and protocol constraints to craft a exploit that allows for two way communication.