5G networks are being opened up at every layer, and attackers are paying close attention. The radio interface still ships with misconfigurations in the wild: encryption disabled, integrity protection unenforced on signaling and user plane traffic, and null ciphers still accepted by live base stations. The 5G core runs on cloud-native REST-based architectures where a single misconfigured network function can expose subscriber data or provide persistence into critical infrastructure.

This session, led by Sébastien Dudek, founder of Penthertz, will cover:

• How real-world radio assessments test for encryption enforcement, null cipher acceptance and network isolation failures across 5G NSA and SA deployments;
• How a purpose-built open-source Burp Suite extension automates 5G core API pentesting - covering NF discovery, IMSI enumeration, credential extraction and API fuzzing;
• How OpenRAN's disaggregated architecture and CAMARA's network capability APIs introduce attack surfaces that enable subscriber surveillance, SIM swap abuse and fraud.