Mainframe Hacking for CICS and Giggles

Presented at BSidesLV 2023, Aug. 9, 2023, 11:30 a.m. (Unknown duration)

Mainframe systems continue to drive global economic activity despite the "legacy" label they are often associated with. In fact, mainframes are responsible for business-critical functions across 70 percent of Fortune 500 companies. If you have ever withdrawn cash at an ATM, done your taxes online, or booked a flight for your next holiday, you have likely interacted with a mainframe application. As with all business-critical systems, ensuring they are secure is imperative. This talk is designed for anyone interested in the security of these mainframe applications. We will go over how mainframe systems work, why they are so important, how the applications work, how they are used, and how the researchers were able to exploit a number of vulnerabilities in real world mainframe applications.

Presenters:

• Jan Nunez
• Jay Smith
  Jay is a lead security researcher at a Fortune 500 company. He has over 25 years of experience across a variety of IT domains including system and network engineering, development, and offensive security. His current research primarily involves niche technologies such as IVR, MQ, Mainframes, and ATMs.

Links:

• https://www.bsideslv.org/talks#T9QY8E

Similar Presentations:

• ShmooCon 2023 / Mainframe Hacking for CICS and Giggles
• DEF CON 30 (2022) / Doing the Impossible: How I Found Mainframe Buffer Overflows
• DEF CON 22 (2014) / From root to SPECIAL: Pwning IBM Mainframes