Presented at
ShmooCon XV (2019),
Jan. 20, 2019, 10 a.m.
(60 minutes).
In 2012, hackers were running rampant in Swedens federal mainframes. During the course of the investigation, it was thought it might be a good idea to release *ALL* the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe. But not every tool developed was included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin and two simple questions, “was this an exploit? how did it work?” Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk is a deep dive in to the unix part of a mainframe, looking at exactly what this C program was doing, and how it accomplished it. This talk has got it all, when it comes to mainframe privilege escalation, APF unix programs, buffer overflows, hijacking return addresses, debugging, and changing ACEEs. After this talk, you’ll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!
Presenters:
-
Philip Young / Soldier of FORTRAN
as Soldier of FORTRAN
Soldier of FORTRAN (@mainframed767) is a mainframe security researcher. He has been recognized as one of the leading global experts on mainframe hacking; this title was unfortunately bestowed on him since very few have bothered to pick up the mantle. He has worked on implementing support for Nmap and Metasploit. He created libraries for attacking mainframes (njelib & libtn3270) and has spoken at BlackHat, RSA, Thotcon, ISACA SF, ISACA CACS, and DEFCON. He has also keynoted mainframe conferences including SHARE and Guide Share Europe Amsterdam. On top of speaking engagements, he also teaches classes on mainframe auditing and mainframe penetration testing.
Links:
Similar Presentations: