Deconstructing DeFeNeStRaTe.C

In 2012, hackers were running rampant in Swedens federal mainframes. During the course of the investigation, it was thought it might be a good idea to release ALL the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe. But not every tool developed was included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin and two simple questions, “was this an exploit? how did it work?” Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk is a deep dive in to the unix part of a mainframe, looking at exactly what this C program was doing, and how it accomplished it. This talk has got it all, when it comes to mainframe privilege escalation, APF unix programs, buffer overflows, hijacking return addresses, debugging, and changing ACEEs. After this talk, you’ll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!

Presented by