Why These Skills Matter?

 

​

5G networks are critical infrastructure, supporting healthcare, finance, transport, smart cities, and defense systems. Their distributed, cloud-native, and software-defined architecture introduces new and complex attack surfaces that traditional security approaches may not cover. Threat hunting skills enable cybersecurity professionals to proactively identify and mitigate threats before they escalate into serious incidents. These skills also help organizations maintain regulatory compliance, protect sensitive subscriber data, and ensure service continuity. By understanding the unique risks of 5G, including network slicing, MEC, and service-based architectures, professionals can strengthen end-to-end security, reduce operational risk, and support safe innovation in next-generation telecom networks.

 

​​​​​​

​

Entry requirements

​​​​​​

• At least 3 years of cyber security experience

​

• Min. 1 year of work experience in telecommunication

​

• Understand TEL 1-1 course (5G Fundamentals) in CyberXCenter, knowing the basic fundamentals of Telecommunication network.

​

• Attended TEL 2 Series of CyberXCenter course:

  • TEL 2-1: 5G PDU Registration and Session Establishment Analysis

  • TEL 2-2: IMS and Call Protocol Analysis

  • TEL 2-3: 5G Kubernetes Security

​

• Attended TEL 3-1 of CyberXCenter course: o TEL 3-1 5G Threat Hunting P1​

​​

​

For those overseeing telecom personnel, these skills are also crucial for guiding secure operations, enforcing best practices, and mentoring teams on emerging risks. Understanding the 5G threat landscape allows cybersecurity leaders to coordinate defense strategies, implement effective monitoring, and maintain operational resilience, ensuring that both the network and the people managing it are prepared for real-world threats.

 ​

​

​

​

​

COURSE DURATION:

​

​

• 3 days of Instructor-led training

 

 

 

​

​

EXPECTATION AFTER THE TRAINING

​

​

• Proactive Threat Detection: Ability to identify and investigate anomalies, indicators of compromise (IoCs), and suspicious activity across 5G networks.

​

• Understanding 5G Security Architecture: Clear comprehension of 5G Core, RAN, MEC, network slicing, and cloud-native components, and their implications for cybersecurity.

​

• Use of Security Tools: Competence in inspecting PDU, SIP and log within 5G environment for monitoring, threat analysis, and incident response of a 5G threat.

​

• Incident Response Readiness: Capability to contain, mitigate, and document incidents effectively, coordinating with operational teams and SOCs.

 

 

 

​

​

WHAT WILL BE COVERED IN THE COURSE:

 

​

1. Recap of Threat Hunting Introduction

• Review Key Concepts – Revisit the fundamentals of proactive threat hunting and hypothesis-driven investigation.

​

• Threat Detection Workflow – Understand how analysts collect, analyze, and correlate security data.

• Lessons from Part 1 – Summarize key attack techniques and defense strategies observed in earlier labs.

 

2. Advanced Threat Hunting Mastery

• Behavior-based Detection – Focus on identifying attacker behaviors rather than only known indicators.

• Data Correlation – Combine logs from network, cloud, and 5G core components to identify complex attacks.

• Automation and AI – Use analytics tools and machine learning to accelerate threat discovery.

 

3. Privilege Escalation in 5G

• Attack Objective – Attackers attempt to gain higher-level access to critical network components.

• Common Techniques – Exploiting misconfigurations, weak credentials, or vulnerable services.

• Detection Strategy – Monitor abnormal privilege usage, role changes, and suspicious access patterns.

 

4. Initial Entry

• Entry Points – Attackers may enter through exposed APIs, compromised credentials, or vulnerable services.

• Attack Vectors – Phishing, credential theft, or exploitation of public-facing systems.

• Early Detection – Monitor unusual login activity, abnormal API usage, and network anomalies.

 

5. Impact - Media Resource Function

• Role in 5G Core – The Media Resource Function processes media streams such as voice and video services.

• Potential Impact – Attacks can disrupt voice services, degrade quality, or intercept communications.

• Security Monitoring – Track abnormal traffic flows, service disruptions, and unusual resource consumption.

 

6. Kubernetes Weakness

• Configuration Risks – Misconfigured clusters, exposed dashboards, or overly permissive roles.

• Container Security Issues – Vulnerable container images and insecure runtime environments.

• Mitigation – Implement RBAC controls, image scanning, and strong cluster monitoring.

​

7. Hands-on Lab: Attack and Defense

• Attack Scenario – Simulate a multi-stage attack involving initial entry and privilege escalation.

• Threat Hunting Exercise – Analyze logs and telemetry to identify attacker movements within the environment.

• Defense Techniques – Implement security controls, detection rules, and response procedures.