intrus.io
Telecommunications

Pentest for Telecommunications

Offensive security in mobile carriers, ISPs, 4G/5G core networks and billing platforms.

Request a technical meetingSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Telecom is national critical infrastructure. Attacks on HSS, IMS or SS7 expose millions of users. Roaming fraud and bypass of charging cost tens of millions. Anatel doesn't tolerate superficial pentest.

Applicable regulation

AnatelLGPDISO 27001GSMA NESAS/SCAS

/attack-surface

Vectors we test in telecommunications

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

4G/5G core

MME, HSS, AMF, SMF, UDM. Diameter, GTP, HTTP/2 stateless.

02

Access (RAN)

eNodeB, gNodeB, fronthaul, OSS integration.

03

BSS / OSS

Billing, mediation, CRM, provisioning.

04

SS7 and SIGTRAN

Fraud and interception in legacy SS7 networks.

05

VoLTE / VoWiFi / IMS

Voice over LTE/WiFi, authentication, registration.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements with telecom operators and ISPs.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Telecommunications

Do you cover 5G stand-alone?

Yes. Service-Based Architecture, AMF, SMF, UDM, NRF, mTLS validation, OAuth2 between NF.

Do you serve regional ISPs?

Yes. BNG, BRAS, CGNAT, OSS, customer portal and Anatel integration.

/contact

Ready for a serious pentest in telecommunications?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers