Dealing the perfect hand - Shuffling memory blocks on z/OS

DEF CON 25

Presented by: Ayoul3
Date: Saturday July 29, 2017
Time: 16:00 - 16:45
Location: 101 Track

Follow me on a journey where we p0wn one of the most secure platforms on earth. A giant mammoth that still powers the most critical business functions around the world: The Mainframe! Be it a wire transfer, an ATM withdrawal, or a flight booking, you can be sure that you've used the trusted services of a Mainframe at least once during the last 24 hours. In this talk, I will present methods of privilege escalation on IBM z/OS: How to leverage a simple access to achieve total control over the machine and impersonate other users. If you are interested in mainframes or merely curious to see a what a shell looks like on MVS, you're welcome to tag along.

Ayoul3

Ayoub is a pentester working for Wavestone, a consulting firm based in France. He got interested in Mainframe security in 2014 when, during an audit, he noticed the big security gap between this platform and standard systems like Windows and Unix. A gap that makes little sense since z/OS has been around for a while and is used by most major companies to perform critical business operations: wire transfer, claim refunds, bookings, etc. If you want to test some of the tools showcased during the talk, you can check out his tools: https://github.com/ayoul3/ @ayoul3__


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats