Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

Post Exploit Goodness on a Mainframe: Special is the New Root

Ayoub Elaassal

3 vote(s)

"Everytime you call an Uber, you trigger a Mainframe transaction". This is a lot to expect from a legacy system dating back to the 60s..or is it?

These platforms are literally holding the world's economy, yet very few pentesters take the time to drill down these machines, compared to Windows and Linux.

Lack of tools? accessibility? openess about the platform?...So many hurdles that this talk will attempt to address by presenting practical attacks against an IBM Z Mainframe.

How to get a shell on the machine? Escalate privileges? Even impersonate other processes on z/OS to wreak havoc on the machine. If you like offensive tools, obscure low level code and esoteric systems, you are most welcome!

===

Ayoub Elaassal is a pentester at PwC France.

He became interested in Mainframe security in 2014 during an audit when he noticed the big gap in security between this platform and standard systems like Windows and Unix.

A gap that makes little sense since z/OS has been around for a while and is used by most major companies to perform critical business operations: wire transfer, claim refunds, bookings, etc.

He gave talks about some of his Mainframe hacking tools at Hack In the Box 2017, Hack in Paris 2017 and ZeroNights 2016.

Follow him on Twitter at @ayoul3__ or Github https://github.com/ayoul3