Attacking Public and Private 5G Infrastructure and Defense - Akib Sayyed - DCTLV2026
Name of Training: Attacking Public and Private 5G Infrastructure and Defense
Trainer(s): Matrix Shell's Akib Sayyed
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm
Venue: Las Vegas Convention Center
Cost: $2,500 (USD)
Short Summary:
This two-day, hands-on training delivers an adversary-driven exploration of public and private 5G network security using realistic attack and defense labs mapped to the MITRE FIGHT framework. Participants learn to identify, exploit, and mitigate real-world 5G risks across core, RAN, and network slicing architectures.
Course Description:
This two-day, hands-on training provides a practical, adversary-driven exploration of public and private 5G network security. The course begins with a clear breakdown of 5G architecture, trust boundaries, and attack surfaces, then progresses into realistic threat modeling, attack simulation, and defensive engineering. Participants gain direct exposure to how control-plane abuse, exposed APIs, cloud-native weaknesses, and network slicing failures can impact modern 5G deployments.
Throughout the course, the MITRE FIGHT framework is used as a unifying methodology to map 5G components, attacker techniques, multi-stage attack chains, and defensive controls. Every module includes guided labs that allow participants to analyze, attack, and harden 5G environments in a safe, virtualized setting. By the end of the training, attendees will be able to assess real-world public and private 5G networks, understand how attacks propagate across telecom ecosystems, and apply repeatable security strategies aligned with operational and compliance requirements.
Course Outline:
This training is designed to provide security professionals, security managers, telecom architects, and technically inclined security enthusiasts with a structured understanding of 5G network security for both public and private deployments. Participants will gain practical insight into core 5G architecture concepts, threat surfaces, adversarial techniques, and security design considerations specific to modern 5G environments.
Delivered as a project-based, hands-on workshop, the training focuses on real-world 5G use cases, including public mobile networks and private 5G network slices. Attendees will analyze realistic attack scenarios, perform 5G-specific threat modeling, and understand how security weaknesses propagate across the RAN, Core, and Service-Based Architecture (SBA).
For each use case, the training demonstrates how to harden 5G architectural components, apply security controls aligned with industry standards, and mitigate identified risks while meeting cybersecurity and compliance requirements. Emphasis is placed on understanding the security impact of network slicing, cloud-native 5G cores, interconnects, and exposure APIs, with a clear distinction between public and private 5G threat models.
By the end of the training, participants will be equipped to evaluate, design, and defend secure public and private 5G networks against contemporary and emerging attack techniques.
Learning Objectives
By the end of this training, participants will be able to:
- Explain the security architecture of public and private 5G networks, including SBA, network slicing, exposure APIs, and cloud-native core functions.
- Identify and model 5G-specific threat surfaces across RAN, Core, interconnects, and enterprise integration points.
- Analyze realistic attack paths and adversary techniques targeting 5G signaling, APIs, slice isolation, and control-plane functions.
- Perform structured threat modeling for 5G use cases, differentiating risks between public operator networks and private 5G deployments.
- Assess the impact of 5G security failures on availability, confidentiality, integrity, billing, and regulatory compliance.
- Apply secure design and hardening techniques to mitigate identified risks in both public and private 5G architectures.
- Evaluate 5G network designs and deployments from a red-team and defensive engineering perspective.
Day 1 – Foundations, Threat Modeling, and Initial Attacks
Session 1: 5G Architecture & Security Foundations
Focus: Understanding what to attack and defend
Topics
• 5G architecture: RAN, Core, SBA, cloud-native design
• Public vs. private 5G security models
• Trust boundaries and exposure points
• Introduction to the MITRE FIGHT framework for 5G
Lab 1: 5G Architecture Mapping with MITRE FIGHT
Objective: Establish architectural awareness and security baselines
Activities
1. Deploy a virtualized reference 5G environment (public and private variants).
2. Identify and document 5G components (RAN, Core NFs, SBA services, exposure interfaces).
3. Define trust boundaries and security zones.
4. Enumerate exposed interfaces and inter-service communication paths.
5. Map each component and interface to relevant MITRE FIGHT tactics and techniques.
6. Identify high-risk architectural choke points for later exploitation.
Session 2: 5G Threat Landscape & Adversary Models
Focus: Who attacks 5G and why
Topics
• 5G-specific adversary capabilities and motivations
• Control-plane, signaling, and API-based attack surfaces
• Differences in attacker models for public vs. private 5G
• Using FIGHT to describe adversary behavior
Lab 2: FIGHT-Driven Threat Modeling for Public & Private 5G
Objective: Understand attacker perspectives and risk propagation
Activities
1. Identify critical assets for public and private 5G scenarios.
2. Define adversary profiles and attack objectives.
3. Enumerate entry points across control plane, user plane, and APIs.
4. Develop attack paths using structured threat modeling.
5. Map attack paths to MITRE FIGHT techniques.
6. Compare risk exposure between public and private 5G deployments.
Session 3: Offensive Techniques in 5G Networks
Focus: How 5G networks are actually compromised
Topics
• SBA service abuse and API misconfigurations
• Network slicing isolation failures
• Cloud-native weaknesses in 5G cores
• Mapping offensive actions to MITRE FIGHT
Lab 3: Simulated 5G Control-Plane Attacks
Objective: Observe how misconfigurations lead to compromise
Activities
1. Identify misconfigured or weakly protected 5G interfaces.
2. Interact with SBA services and exposure APIs in a controlled environment.
3. Trigger simulated signaling and control-plane abuse scenarios.
4. Observe service impact, information leakage, or policy bypass.
5. Map each observed technique to MITRE FIGHT.
6. Document indicators of compromise and security gaps.
End of Day 1 Outcome
Participants understand 5G architecture, can model realistic threats, and have hands-on experience executing and mapping initial attack techniques using MITRE FIGHT.
Day 2 – Attack Chaining, Defense, and Operations
Session 4: End-to-End 5G Use Case Attack Chains
Focus: How small weaknesses become systemic failures
Topics
• Public network slice attack scenarios
• Private 5G enterprise and industrial use cases
• Multi-stage attack progression across 5G domains
• Campaign-level analysis using FIGHT
Lab 4: End-to-End 5G Attack Chain Workshop
Objective: Understand multi-stage attacks and escalation
Activities
1. Select a public network slice or private 5G use case.
2. Chain multiple attack techniques across different 5G domains.
3. Track lateral movement across network functions and services.
4. Analyze cross-slice or cross-domain impact.
5. Represent the full attack campaign using MITRE FIGHT.
6. Assess operational and business impact of the attack chain.
Session 5: Defensive Architecture & Risk Mitigation
Focus: Designing defensible 5G networks
Topics
• Security control placement in 5G architectures
• Monitoring, detection, and logging strategies
• Aligning controls with MITRE FIGHT techniques
• Public vs. private 5G defensive trade-offs
Lab 5: Hardening and Defending a 5G Network
Objective: Apply defensive engineering and risk reduction
Activities
1. Review previously exploited weaknesses and attack paths.
2. Redesign trust boundaries and interface exposure.
3. Apply security controls aligned with MITRE FIGHT techniques.
4. Configure monitoring, logging, and detection points.
5. Validate improved resilience through re-testing.
6. Measure and document risk reduction outcomes.
Session 6: Operational Security & Incident Response
Focus: Running 5G securely in production
Topics
• Common operational failures in 5G deployments
• Using FIGHT for continuous assessment
• Integrating 5G security with SOC and IR workflows
Lab 6: 5G Incident Analysis and Response Using MITRE FIGHT
Objective: Practice operational security and incident response
Activities
1. Analyze simulated 5G security incident artifacts.
2. Reconstruct attacker behavior and timelines.
3. Map observed behavior to MITRE FIGHT tactics and techniques.
4. Assess blast radius and service impact.
5. Develop prioritized remediation actions.
6. Propose long-term security improvements for public and private 5G operations.
End of Day 2 Outcome
Participants can evaluate, attack, defend, and operationally secure public and private 5G networks using a structured, repeatable approach grounded in MITRE FIGHT.
Why This Training Is Unique
This training delivers a hands-on, adversary-driven exploration of 5G security across both public mobile networks and private 5G deployments. Unlike traditional telecom security courses that focus on standards or vendor architectures, this course treats 5G as a live, attackable system, exposing how real-world design decisions, misconfigurations, and operational practices create exploitable security gaps.
A core differentiator is the end-to-end use of the MITRE FIGHT framework as an operational methodology rather than a reference model. Participants apply FIGHT throughout the training to map 5G architecture components, attacker techniques, multi-stage attack chains, defensive controls, and incident response activities, enabling repeatable and measurable security assessments.
The training uniquely compares public and private 5G threat models side by side, highlighting how trust boundaries, attack surfaces, and risk profiles differ across operator and enterprise environments. This distinction is increasingly critical as private 5G adoption accelerates.
Every module includes guided, project-based labs that demonstrate realistic attack and defense scenarios involving control-plane abuse, API exposure, network slicing failures, and cloud-native 5G weaknesses. By combining offensive realism, defensive engineering, and operational response, this training equips participants with practical skills directly applicable to real-world 5G networks.
Difficulty Level:
Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.
This training is intended for professionals involved in the design, assessment, operation, and defense of public and private 5G networks, including:
• Telecom and network security engineers
• Penetration testers, red team operators, and offensive security professionals
• SOC analysts supporting telecom and mobile network environments
• Core network and RAN engineers responsible for 5G infrastructure
• Roaming and interconnect teams, and telecom network planning professionals
• Security researchers and threat intelligence analysts
• Early-career professionals working in telecom security or network defense roles
• Cellular network and cellular IoT engineers and developers
• Automotive and connected vehicle security engineers leveraging 5G connectivity
• Government radio network authorities and governmental security organizations
Suggested Prerequisites:
Students will benefit most from this training if they have:
• A basic understanding of IP networking concepts (TCP/IP, routing, DNS, firewalls)
• Familiarity with core security concepts, including attack surfaces, authentication, authorization, and threat modeling
• General awareness of API security fundamentals, such as REST APIs, authentication mechanisms, and common API abuse patterns
• General awareness of telecom or mobile network fundamentals (e.g., LTE/5G terminology and signaling concepts)
• Comfort reading and interpreting network traffic, logs, and API interactions
• Basic command-line experience on Linux, macOS, or Windows
No prior hands-on experience with 5G implementation, RF engineering, or telecom security tooling is required. All 5G- and API-specific concepts needed for the labs will be introduced during the course.
What Students Should Bring:
Participants should bring the following to effectively participate in the hands-on labs:
• A laptop running Linux, macOS, or Windows with full administrative (root/administrator) access
• Minimum 16 GB RAM recommended (8 GB may be insufficient for lab environments)
• At least 50 GB of free disk space for virtual machines, containers, and lab artifacts
• Ability to run Docker or Podman and/or virtualization software (VirtualBox, VMware, or equivalent)
• A modern web browser and SSH client installed
• Reliable Wi-Fi capability
Recommended:
• Basic familiarity with command-line interfaces (Linux shell or PowerShell)
• Prior exposure to networking or security concepts
Not Required:
• RF hardware or SDR equipment
• Prior 5G implementation or telecom security experience
All lab environments and instructions will be provided. The training uses virtualized and containerized 5G scenarios to ensure a safe, non-destructive, and accessible learning experience.
What the Trainer Will Provide:
Course materials and lab resources provided by the instructor will include:
• Course Materials: Comprehensive slide deck, structured lab workbook, MITRE ATT&CK and MITRE FIGHT matrices adapted for 5G, and curated real-world case studies.
• Lab Environment: Prebuilt virtual machine and containerized lab setup, including tools such as Wireshark, signalling and core-network testing utilities, and curated sample PCAP files for analysis.
• Automation Resources: Instructor-provided automation scripts for executing controlled test scenarios across simulated RAN and core network environments.
• SIM and Network Test Resources: Test SIM profiles for lab exercises and access to controlled test radio network and RF environments during supervised lab sessions.
• Hands-On Hardware Exposure: Demonstration and supervised use of portable telecom testing devices during labs. A limited number of participants may receive a portable telecom testing pocket device as part of a lab challenge or exercise.
• Certificate of Attendance: Students who attend the full 2-day training will receive a certificate of attendance from Telecom Village.
All materials are designed for safe, non-destructive testing and are provided solely for educational purposes within the controlled lab environment.
Trainer(s) Bio:
Akib Sayyed is the Founder and CEO of Matrix Shell, a telecom-native cybersecurity company focused on securing 4G/5G core networks, interconnects, and next-generation cellular infrastructures. He is a telecom security practitioner and researcher with deep expertise in signaling security, mobile core attack surfaces, and adversary-driven security testing of public and private cellular networks.
Akib has delivered hands-on trainings at leading international security conferences, including Black Hat, where he has demonstrated real-world attack and defense techniques across modern mobile networks. He is also the founder and organizer of the Telecom Village at DEF CON, a community-driven initiative dedicated to advancing research, hands-on learning, and collaboration in telecom and cellular security. Through his work, Akib bridges telecom engineering and offensive security, with a strong focus on practical threat modeling, breach simulation, and operational defense of large-scale mobile networks.
Proficiency Exam Option:
This course has the option for a proficiency certificate add-on. To pass the exam, students must collect 8 out of 10 points during a 30-minute CTF exercise.
Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.
Registration Terms and Conditions:
Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.
Between July 11, 2026, and August 5, 2026, partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after August 5, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.