This sector deep-dive is currently available in Portuguese only. Full English translation is in progress.

/compliance · ANATEL (Telecom)

Pentest ANATEL: Res. 740/2020 e Telecomunicações

Pentest para operadoras de telecom, ISPs e provedores SCM/SMP/SLPP sob ANATEL — Res. 740/2020 (cibersegurança), Lei 13.879/2019 (cabos submarinos).

Cotar pentest ANATEL See vectors

90% manual · 10% automated

OSCP · CISSP · CRTO · GPEN

BR · PT · IT · ES · MA · US · AU

OWASP · MITRE · PTES · NIST

Why now

The real pain

Operadora de telecom é alvo de espionagem, fraude de SIM swap e abuse contra a base de cliente. ANATEL Res. 740 exige programa de segurança e reporte de incidente. ISP regional pequeno é alvo fácil para BGP hijacking e cryptojacking.

Standard and reference

ANATEL Res. 740/2020Lei 13.879/2019Lei 9.472/1997 (LGT)ITU-T X.800 series

/attack-surface

ANATEL (Telecom)

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

Core e BGP

Roteamento, BGP hijacking interno, IRR, RPKI.

BSS/OSS e billing

Portal de assinante, fraude de SIM swap, manipulação de plano, comissionamento.

Mobile core (4G/5G)

HSS, MME, SGW, AMF/SMF/UPF — sinalização Diameter/HTTP/2.

SIM swap e fraude

Processo de troca de chip, validação de identidade, integração com bancário.

DNS e DDoS

Validação de DNS recursivo, anti-DDoS, scrubbing center.

Cliente corporativo

MPLS, VPN gerenciada, segregação entre clientes.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Pentest em operadora regional e ISP corporativo; consulta sobre fraude SIM swap.

Caixa Econômica Federal

Banco BMG

iFood

ArcelorMittal

Multibanco

Polícia Federal

Fórmula 1

OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/crivo · integrity program

87%

of pentester candidates fail our Crivo screening

Do you know who's getting access to your environment?

NDAs work in court. They don't work day-to-day. Before first access, every pentester on our team passes background, psychometric profile and integrity testing.

In-depth criminal, fiscal and professional verification
Psychometric assessment and risk profile
Practical integrity testing with controlled scenarios
Fixed team — non-rotating, no 'stranger every engagement'

Learn about the Crivo programcrivo.intrus.io

/faq

FAQ — ANATEL (Telecom)

Cobrem fraude SIM swap?

Sim. Mapeamos processo end-to-end de troca de chip — autenticação, validação, alerta. Recomendamos política específica para parceiro bancário.

Faixa de preço?

ISP regional: R$ 30-70k. Operadora estadual: R$ 80-200k. Operadora nacional: R$ 200-600k em ciclo multi-fase.

/contact

Cotar pentest ANATEL

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to us See other sectors

Other sectors we cover

/lgpd

LGPD

/iso-27001

ISO 27001:2022

/pci-dss

PCI-DSS 4.0

/bacen-4893

BACEN Res. 4.893

/open-finance

Open Finance / FAPI

/pix