Presented at
DEF CON 29 (2021),
Aug. 7, 2021, 10 a.m.
(45 minutes).
You've seen talks about container hacking. You've seen talks about mainframe hacking. But how often do you see them together? IBM decided to put containers on a mainframe, so a container hacker and a mainframe hacker decided to join forces and hack it. We became the first people on the planet to escape a container on a mainframe, and we're going to show you how.
Containers on a mainframe? For real. IBM zCX is a Docker environment running on a custom Linux hypervisor built atop z/OS - IBM's mainframe operating system. Building this platform introduces mainframe environments to a new generation of cloud-native developers-and introduces new attack surfaces that weren't there before.
In this crossover episode, we're going to talk about how two people with two very particular sets of skills went about breaking zCX in both directions, escaping containers into the mainframe host and spilling the secrets of the container implementation from the mainframe side.
When two very different technologies get combined for the first time, the result is new shells nobody's ever popped before.
REFERENCES:
Getting started with z/OS Container Extensions and Docker: https://www.redbooks.ibm.com/abstracts/sg248457.html
The Path Less Traveled: Abusing Kubernetes Defaults: https://www.youtube.com/watch?v=HmoVSmTIOxM
Attacking and Defending Kubernetes Clusters: A Guided Tour: https://securekubernetes.com
Evil Mainframe penetration testing course :https://www.evilmainframe.com/
z/OS Unix System Services (USS): https://www.ibm.com/docs/en/zos/2.1.0?topic=system-basics-zos-unix-file
z/OS Concepts: https://www.ibm.com/docs/en/zos-basic-skills?topic=zc-zos-operating-system-providing-virtual-environments-since-1960s
Docker overview: https://docs.docker.com/get-started/overview/
Presenters:
-
Ian Coldwater
- Hacker
Ian is a leading expert on containers and container security.
@IanColdwater
-
Chad Rikansrud / Bigendian Smalls
- Hacker
as Chad Rikansrud (Bigendian Smalls)
Chad is the same, but for mainframes and mainframe security.
@bigendiansmalls
Links:
Similar Presentations: