Hacking OpenVMS

Presented at DEF CON 16 (2008), Aug. 10, 2008, 10 a.m. (50 minutes)

OpenVMS is considered a highly secure and reliable operating system relied upon by large enterprises around the globe such as Stock Exchanges, Governments and Infrastructure for critical operations. Our talk will focus on subverting the security of the OpenVMS operating system in a number of new and creative ways. There will be an initial brief introduction to the OS basics, security model and its core features. We will also talk about things we perceive as flaws in the security model and weaknesses in the security features provided by OpenVMS. There will also be a practical demonstration of the 0day vulnerabilities found, ranging from logical to memory corruption bugs, along with discussion on how these were found and exploited and obstacles encountered in the process.

Presenters:

• James Tusini - Security Researcher
  James Tusini is a security consultant based in the UK, currently employed as a principal consultant for a London-based firm. Since 2000, James has been undertaking penetration tests and running bespoke projects for large firms within the financial, retail and government sector. He comes from a programming background James enjoys discovering new vulnerabilities and keeping abreast with any new development in the security industry. His interests are not limited to technical stuff though, as he is very keen in the non-technical aspects of process manipulation too, such as social engineering, psychology and hypnosis.
• Claes Nyberg - Security Researcher
  Claes Nyberg is interested in vulnerability research and development of tools and exploits in both userland and kernel space. Claes has released popular tools such as MITM-SSL and MITM-SSH as well as one of the first public non listening shell servers, SAdoor. Claes has previously spoken at Black Hat US and Defcon.
• Christer Öberg - Security Researcher
  Christer is based in the UK. He enjoys discovering and exploiting new software vulnerabilities in pretty much everything except web applications. His favorite targets are OS kernels and "unusual" things like OpenVMS. Christer has previously presented at Black Hat Europe, USA and Defcon.

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Oberg
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Panel - Hacking Open VMS - Video.mp4
• https://www.youtube.com/watch?v=-M1YpfqsG5k

Similar Presentations:

• ShmooCon XII (2016) / Exploiting Memory Corruption Vulnerabilities on the FreeRTOS Operating System
• 32C3 (2015) / Lifting the Fog on Red Star OS: A deep dive into the surveillance features of North Korea's operating system
• AppSec USA 2015 / Security as Code: A New Frontier