Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS

Presented at Black Hat Europe 2017, Dec. 6, 2017, 10:15 a.m. (60 minutes).

Follow me on a journey where we pwn one of the most secure platforms on earth. A giant mammoth that still powers the most critical business functions around the world: The Mainframe! Be it a wire transfer, an ATM withdrawal, or a flight booking, you can be sure that you've used the trusted services of a Mainframe at least once during the last 24 hours. In this talk, I will present methods of privilege escalation on IBM z/OS: How to leverage a simple access to achieve total control over the machine and impersonate other users. If you are interested in mainframes or merely curious to see a what memory manipulation looks like on z/OS, you are welcome to tag along.


Presenters:

  • Ayoub Elaassal / Ayoul3 - Senior Security Consultant, PwC   as Ayoub Elaassal
    Ayoub Elaassal is a pentester at PwC France. He became interested in Mainframe security in 2014 during an audit when he noticed the big gap in security between this platform and standard systems like Windows and Unix. A gap that makes little sense since z/OS has been around for a while and is used by most major companies to perform critical business operations: wire transfer, claim refunds, bookings, etc. He gave talks about some of his Mainframe hacking tools at Hack In the Box, Hack in Paris and ZeroNights Follow him on Twitter at @ayoul3__ or Github https://github.com/ayoul3

Links:

Similar Presentations: