Deconstructing DeFeNeStRaTe.C

ShmooCon XV - 2019

Presented by: Soldier of FORTRAN
Date: Sunday January 20, 2019
Time: 10:00 - 10:50
Location: Main Room
Track: Bring It On

In 2012, hackers were running rampant in Swedens federal mainframes. During the course of the investigation, it was thought it might be a good idea to release ALL the investigation documentation to the public. Included in these public files were snippets (or full programs) of the tools the hackers developed to work on an IBM z/OS mainframe. But not every tool developed was included in those papers. Shortly after the documents were released, your speaker was sent a DM out of the blue with a link to a pastebin and two simple questions, “was this an exploit? how did it work?” Why did they contact the speaker? Because it was thought he originally was the one who did the breach. This talk is a deep dive in to the unix part of a mainframe, looking at exactly what this C program was doing, and how it accomplished it. This talk has got it all, when it comes to mainframe privilege escalation, APF unix programs, buffer overflows, hijacking return addresses, debugging, and changing ACEEs. After this talk, you’ll be able to know exactly what DeFeNeStRaTe.C was (trying?) to do and see it in action!

Soldier of FORTRAN

Soldier of FORTRAN (@mainframed767) is a mainframe security researcher. He has been recognized as one of the leading global experts on mainframe hacking; this title was unfortunately bestowed on him since very few have bothered to pick up the mantle. He has worked on implementing support for Nmap and Metasploit. He created libraries for attacking mainframes (njelib & libtn3270) and has spoken at BlackHat, RSA, Thotcon, ISACA SF, ISACA CACS, and DEFCON. He has also keynoted mainframe conferences including SHARE and Guide Share Europe Amsterdam. On top of speaking engagements, he also teaches classes on mainframe auditing and mainframe penetration testing.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats