contact@p1sec.com

(Pen)Testing 5G Core Networks

P1 Security has developed in the two last years a set of tools and libraries to help with testing, and pentesting, 5G Core Networks. A dedicated commercial Signaling Scanner is also available since June 2021 for that purpose: the PTA 5GC product...
Read More…

Remote Code Execution through Signaling Using Log4j (CVE-2021-44228)

What is Log4Shell ? Log4Shell (CVE-2021-44228) is a vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. It impacts the library version from 2.0-beta9 to 2.16.0, excluding 2.12.3 . The vulnerability —...
Read More…

All authentication vectors are not made equal

Abstract:In mobile networks, 3G and 4G authentication vectors are completely separate and should not be convertible to each other. P1 Security however discovered that some MNOs distribute over roaming interconnects, for certain subscribers, 3G...
Read More…