LOL We're All Screwed: Mainframe Hacking in 2019

Presented at ShellCon 2019, Oct. 11, 2019, 11 a.m. (50 minutes).

2019 is a hell of a year. Why not make it worse by coming and hearing from one of the world's foremost experts on mainframe hacking? ‘Hmm', you're thinking, ‘mainframes who cares?' If you're using any type of credit card (yes even Apple Pay) you care. It is the most important piece of equipment in any enterprise. So how come you still think they're unhackable?. This talk will go over SNA hacking, VTAM, TSO, CICS, privesc, REXX, and CLISTs, walking through the various techniques successfully used on pentests. Introducing new tools to help conduct penetration tests. You will see how easy it is to get started with mainframe hacking and all the tools currently available today.

Airplane hacks can ground one flight, mainframe hacking can ground the fleet.


Presenters:

  • Philip Young / Soldier of FORTRAN as Soldier of FORTRAN
    Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple opensource projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. In addition to speaking, he has built mainframe security programs for multiple Fortune 100 organizations starting from the ground up to create a repeatable testing program using both vendor and public toolsets. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously.

Links:

Similar Presentations: