2019-05-17, 16:45–17:45, Conf 2
Over the past 5 years tactics, techniques and procedures have been developed to help you pentest a Mainframe. This talk will cover new tools not yet released and new techniques to help you hack yours.
Mainframes, the once thought unhackable are now anything but. This talk will cover the following:
- History of mainframe hacking
- New TTPs since previous NorthSec talk
- About Mainframes - A quick overview
- TCP/IP to SNA and Logical Unit ENUM
- Getting access - How to get a shell
- Operating system enumeration (REXX/HLASM), privilege escalation and detection avoidance
- Unix enumeration and privilege escalation
Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in the mainframe hacking scene. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple opensource projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. In addition to speaking, he has built mainframe security programs for multiple Fortune 100 organizations starting from the ground up to creating a repeatable testing program using both vendor and public toolsets. His hope is that through raising awareness about mainframe security more organizations will take their risk profile seriously.