Electrical Engineer, Cyber Security (purple hat), Drones & Robotics, Professor, And an entrepreneur

Geekweek Canada Cybersecurity

Tamimi May 01, 2022 [Professional] #Pentesting #GSM #Red team #Blue team #Private Cellular Network #Attack 5G #CTF #Geekweek #Cybersecurity
geekweek 7.5

Img1: GEEKWEEK 7.5 official logo

What is GEEKWEEK?

GeekWeek is an annual unclassified workshop organized by the Canadian Centre for Cyber Security (Cyber Centre). It brings together key players in the field of cyber security to generate solutions to vital problems facing the industry.

GeekWeek is an opportunity for representatives from critical incident response teams, critical infrastructure partners (government, finance, health, etc.), academia, and international cyber security partners to collaborate in new ways and improve the overall cyber security landscape.1

I represented the company, IndroRobotics, at the Geekweek 7.5 event. The participation was divided into two categories: Red Team and Blue Team activities.

geekweek 7.5 participating organizations

Img2: Participating organizations including the company I represented

Teams

geekweek 7.5 teams My team

Img3/4: GEEKWEEK 7.5 participated teams and my team

The event comprised six teams, each specializing in different domains and led by a 'guild' leader

Scope

The scope of geekweek for our company was as follows:

Blue Team activity

In the blue team role, I prepared a fully functional platform, Indropilot, to fly a drone. This was connected to a private 5G network provided by Nokia and was set up to be penetration tested by other teams to identify any potential vulnerabilities. Although I had it running during the Geekweek period, I am unaware if any other team attempted to breach it. However, no Indicators of Compromise (IoC) were found after the event concluded.

The Drone connected to the portable private 5G network provided by Nokia

Img5: The Drone's connected to the portable private 5G network provided by Nokia

Red team activity

As part of the Red Team activity, the team was tasked with auditing and penetration testing the 5G private network provided by Nokia. This was a grey box test, meaning the Nokia team provided some information about the architecture and access to the network through SIM cards, and the team took it from there.

The geekweek team is briefed by the Nokia technician about the cellular private network, primarily the 5G NR

Img6: The geekweek team is briefed by the Nokia technician about the cellular private network, primarily the 5G NR

The team's findings and results were shared at the end of Geekweek. Unfortunately, I cannot provide more details as all participants were under a Non-Disclosure Agreement (NDA) regarding the event's proceedings.

Nokia team is setting up the cellular private network, primarily the 5G NR

Img7: Nokia team is setting up the cellular private network, primarily the 5G NR

Geekweek 7.5 also featured other exciting activities, such as penetration testing of autopilot cars. I highly recommend reading about it on the official site.

Microsoft team with an auditing team for the self-driving car

Img8: Microsoft team with an auditing team for the self-driving car

Note: The comment section is powered by Cactus/Matrix. If you use the official Matrix server, you are good to go. However, if you use your personal Matrix server, make sure to log in with the first button and use your own client. This is because my CSP only allows Cactus/Matrix domains to connect from this site, and most likely, your profile picture will be broken!

1

Canadian Centre for Cyber Security GEEKWEEK

Back to top

Index

What is GEEKWEEK?
Teams
Scope
- Blue Team activity
- Red team activity