P1 Security PenTest Team has been providing Penetration Testing services since 1995 to many different industries. We are therefore one of the rare teams that can address LTE infrastructure with bleeding-edge technologies as well as legacy technologies from the 1980s. That enables us to adapt very well to all industries: mobile network operators, equipment providers, critical infrastructure operators, banks, start-ups or government.
We can perform both Black box and White box testing. For these, P1 Security PenTest Team uses common open source tools, professional solutions and our own P1 Security solutions, with the capability to work on binary applications as well as on source code when it is available.
Black box
- TCP/IP networks: both internal and external, MPLS based, VLAN based, onsite/offsite
- Web applications: generic, framework based, custom made, integration, CMS such as Drupal, Amdocs, WordPress
- MNO specific networks: 2G, 3G, LTE, WiMax, CDMA, TRX, VAS, IN, SS7, SIP-E/SIP-T, …
White box pentest is a bit different from code review. Our team does both but with different methodologies and different deliverables.
- Web application review, plugin-targeted
- Sampling of specific network elements
- Config-only whitebox testing
- Wide coverage of frameworks: cakePHP, NodeJS, Ruby on Rails, Flask, …
- Wide coverage of client-side frameworks: YUI, Ext-JS, AngularJS, …
P1 Security PenTest Team is T-shaped. That means broad in technology coverage, and in-depth in terms of drill-down capabilities. Scaling up to a penetration test of 70,000 network elements, or reverse engineering custom-made code for vulnerabilities: that is a unique capability that represents P1's capabilities in that domain well.
Scalability doesn’t come without automation. We don’t just run a vulnerability scanner. In our Penetration Testing, we use our automation tools, both for network scanning and for reporting. But it goes further than that. We use technology to focus our manual expertise directly on the systems most likely to be vulnerable.
Thanks to our development effort in P1 Telecom Auditor, the team that does the Pentest is the team that builds the scanner. We therefore benefit from experience and from quick reflexes into what works and what is important.
One indicator, for example, was being root on our customer's HLRs within one hour of audit start and 10 minutes from access to the given class-A network. That’s the result of the combined advantages of an expert, T-shaped team and advanced automation.
LTE testbed pentest
* Ericsson and Huawei network elements
* Optical taps deployed for active interception and compromise, DWDM attacks
* Result: 30+ vulnerabilities including zeroday vulnerabilities in the tested equipment and many OAM vulnerabilities
2G and 3G Mobile network operator pentest
* All perimeters targeted: 2G, 3G, Corp internet, GRX, VAS, SS7, Diameter, VoIP/SIP
* Infrastructure with 70 million live subscribers
* Multiple RFC1918 internal networks
* 100,000 live hosts
* 70,000 network elements
* Result: 150+ vulnerabilities found
SS7 penetration testing
* External perspective only
* Legacy infrastructure
* Result: Compromise of many network elements, crucial vulnerabilities