
Cyber 5G Series - Threat Hunting Part 1

COURSE SYNOPSIS:

This course equips cybersecurity professionals with the knowledge and skills to proactively detect, investigate, and mitigate threats in 5G networks. Participants will gain a clear understanding of 5G architecture, including core, RAN, MEC, network slicing, and cloud-native components, and learn how these elements influence the threat landscape. The course covers threat hunting principles, methodologies, and best practices tailored to 5G, including the use of NMS and security detection tools for monitoring and detection. Hands-on labs and simulated attack scenarios allow participants to practice identifying indicators of compromise, hunting for malicious activity, and responding effectively to incidents. By the end of the course, attendees will be equipped to proactively defend 5G networks, strengthen operational security, and contribute to resilient and secure next-generation telecom environments.

Why These Skills Matter?

 

5G networks are critical infrastructure, supporting healthcare, finance, transport, smart cities, and defense systems. Their distributed, cloud-native, and software-defined architecture introduces new and complex attack surfaces that traditional security approaches may not cover. Threat hunting skills enable cybersecurity professionals to proactively identify and mitigate threats before they escalate into serious incidents. These skills also help organizations maintain regulatory compliance, protect sensitive subscriber data, and ensure service continuity. By understanding the unique risks of 5G, including network slicing, MEC, and service-based architectures, professionals can strengthen end-to-end security, reduce operational risk, and support safe innovation in next-generation telecom networks.

 

Entry requirements

  • At least 3 years of cyber security experience
     

  • Min. 1 year of work experience in telecommunication

  • Understanding of the TEL 1-1 course (5G Fundamentals) in CyberXCenter, covering the basic fundamentals of telecommunication networks.

  • Attended the TEL 2 Series of CyberXCenter courses:

    • TEL 2-1: 5G PDU Registration and Session Establishment Analysis

    • TEL 2-2: IMS and Call Protocol Analysis

    • TEL 2-3: 5G Kubernetes Security

  • For those overseeing telecom personnel, these skills are also crucial for guiding secure operations, enforcing best practices, and mentoring teams on emerging risks. Understanding the 5G threat landscape allows cybersecurity leaders to coordinate defense strategies, implement effective monitoring, and maintain operational resilience, ensuring that both the network and the people managing it are prepared for real-world threats.

 

 

COURSE DURATION:

  • 3 days of Instructor-led training

 

 

 

EXPECTATION AFTER THE TRAINING:

  • Proactive Threat Detection: Ability to identify and investigate anomalies, indicators of compromise (IoCs), and suspicious activity across 5G networks.

  • Understanding 5G Security Architecture: Clear comprehension of 5G Core, RAN, MEC, network slicing, and cloud-native components, and their implications for cybersecurity.

  • Use of Security Tools: Competence in inspecting PDU, SIP, and logs within a 5G environment for monitoring, threat analysis, and incident response to a 5G threat.

  • Incident Response Readiness: Capability to contain, mitigate, and document incidents effectively, coordinating with operational teams and SOCs.

 

 

 

WHAT WILL BE COVERED IN THE COURSE:

 

1. Threat Hunting Principles & Methodologies

  • Fundamentals of proactive threat hunting

  • Hunting vs. reactive incident response

  • Threat intelligence sources and mapping to 5G networks

 

2. Our Attack Today

  • Landscape of 5G Attacks – Quick look at the latest threats on 5G

  • Attacker Objective – Attacker group discussion, modus operandi and TTPs

  • Study of patterns and behaviours

 

3. MITRE FiGHT Framework

  • Framework Purpose – Provides a structured methodology for threat hunting in 5G environments.

  • Mapping Attacks – Helps analysts map attacker behaviors to known tactics and techniques.

  • Operational Use – Supports detection engineering, hunting workflows, and threat intelligence integration.

 

4. Threat Hunting Important Concepts

  • Hypothesis-driven hunting – Analysts start with assumptions based on threat intelligence.

  • Indicators vs Behaviors – Look beyond simple indicators and analyze attacker behaviors and patterns.

  • Data Sources – Use logs, network traffic, system telemetry, and security alerts.

 

5. Provisioning Gateway (PGW)

  • Function – The PGW connects mobile users to external data networks and manages IP connectivity.

  • Security Role – Enforces policy control, charging rules, and traffic filtering.

  • Threat Risks – Misconfigurations or vulnerabilities can allow data interception or service disruption.

 

6. Hands-on Lab: Attack and Defense

  • Attack Simulation – Participants analyse a controlled attack scenario in a lab environment.

  • Threat Hunting Practice – Analyze logs, network traffic, and system behavior to detect the attack.

  • Defense Techniques – Apply mitigation strategies such as access controls, monitoring, and patching.

 

7. API vulnerabilities

  • Common Weaknesses – Broken authentication, improper authorization, and lack of input validation.

  • Impact – Attackers may access sensitive data, manipulate services, or disrupt 5G functions.

  • Mitigation – Implement API gateways, authentication mechanisms, rate limiting, and security testing.


WHO SHOULD ATTEND:

This course is designed for professionals who need to understand 5G Core architecture from a cybersecurity and risk perspective.

  • Cybersecurity Professionals

  • Critical Infrastructure & Telco Security Teams

  • IT, OT, and Cloud Security Practitioners

  • Risk, Governance, and Compliance Professionals

  • Technical Leaders and Architects

  • Technical specialists and operators
