Ali Abdollahi
Ali is a cybersecurity researcher with over a decade of experience in tech fields. He is currently the application and offensive security manager at Canon EMEA. Ali is a regular speaker or trainer at industry conferences and events such as Confidence Conf 2020, Hack In The Box 2023 AMS, DefCon 3x, IEEE AI-ML-Workshop-2021, SSD TyphoonCon 2x, c0c0n, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, LeHack2022, NoNameCon, YASCon, COUNTERMEASURE Conference, DragonCon, COSAC 2022, Hacktivity, DefCon Holland, etc.
Moreover, he was a trainer at OWASP Summer of Security 2020 and 2021 July training and a reviewer for Springer Cluster Computing Journal/Elsevier and the 2021 Global AppSec U.S. event. Ali is a Microsoft MVP and has published a book, along with several papers and blog posts.
Session
When ShinyHunters breached Odido's Salesforce CRM, the headlines focused on the numbers: 6.5 million records, 48 hours undetected, one phishing email. But that framing misses the point entirely. The breach didn't expose personal data; it exposed an identity bridge. And in a telecom environment, that bridge leads somewhere far more dangerous than fraud.
This talk goes past the incident report. We examine what a sophisticated attacker can actually do with a full subscriber dataset (MSISDN, IMSI correlations, service profiles, device identifiers) once it leaves a CRM and lands in the hands of someone who understands Telecom Core Networks, Signaling, SS7, Diameter, and the soft underbelly of interconnect infrastructure.