Mohamed Fadel

Penetration Testing Team Leader at Security Meter, Egypt

Telecommunication Security

Red and Blue Pill in Telecom Security

We will be talking about telecommunication security, especially SIP Protocol Security vulnerabilities inside IMS and Telecom Networks such as CLI Spoofing, encryption weaknesses, and Protocol manipulation attacks and how to exploit these vulnerabilities to conduct more advanced red team operations, we will also talk about SIP interconnects between international and national telecom operators and how it can be abused by a malicious telecom operator and how these vulnerabilities may affect the national security. And we will be also demonstrating the development process of the SMSIP open-source tool which I use during SIP assessments

Mohamed is Penetration Testing Team Leader at Security Meter specializing in Network and Application penetration tests along with source code review assessments also conducts complex telecommunication attacks such as SIP, SS7, and VoIP services such as IVR, and IoT / hardware security assessments and reverse engineering related to ATMs and PoSs. He also discovered many vulnerabilities in big companies and agencies such as the US Dept of Defense, CERT-EU, Google, Adobe, IBM, Sony, Trend Micro, Cisco, Arduino, ESET, Nike, Yahoo, HackerOne, and many classified organizations, etc., also he is the author of [ CVE-2019-19690 | CVE-2020-14601 | CVE-2020-14602 | CVE-2020-14603 | CVE-2020-14604 | CVE-2020-14605 ], also he is a security trainer with more than 5 years of experience in training and also a speaker at multiple conferences such as the OWASP Cairo Chapter, and also [eWPTX | CRTE | CRTP | eCPPT| eMAPT | LCAST | CCNA | eWPT] certified.