Mainframe Security

Learn to hack?

I was asked about sites that help people learn to hack, and/or present hackable applications, virtual machines and websites. The kind people over at twitter were helpful enough to post their favorites.

Here is a consolidated list as well as a link to the tweet, lots of other good suggestions in there too.

http://overthewire.org/wargames/
http://overthewire.org/wargames/
https://attackdefense.com/
https://azeria-labs.com/arm-lab-vm/
https://github.com/infoslack/awesome-web-hacking
https://github.com/rapid7/metasploitable3
https://github.com/s4n7h0/xvwa/blob/master/README.md
https://hack.me/
https://kb.help.rapid7.com/docs/setting-up-a-penetration-testing-lab
https://lab.pentestit.ru/
https://microcorruption.com/login
https://pentesterlab.com/exercises/
https://www.enigmagroup.org/
https://www.hacking-lab.com/index.html
https://www.hacksplaining.com/
https://www.hackthebox.eu/
https://www.hackthis.co.uk/levels/
https://www.hackthissite.org/
https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project
https://www.owasp.org/index.php/OWASP_Security_Shepherd
https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline
https://www.root-me.org/?lang=en
https://pwnable.tw/
https://www.vulnhub.com/
http://opensecuritytraining.info/
Another great meta list:
http://www.amanhardikar.com/mindmaps/Practice.html

Blackhat 2018

Here are my slides (as video) from blackhat 2018 talk.

**Note there is no audio – runtime is about 11:40

Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development

Destination: blackhat 2018

Well – I’m pretty excited about this!

blackhat 2018 Briefing – MAINFRAME [Z/OS] REVERSE ENGINEERING AND EXPLOIT DEVELOPMENT

Keynote presentation from SHARE Sacramento 2018

Had a few people ask for the actual presentation, so here you are!

SHARE 2018 Keynote PPTX (95 Mb)

I am a mainframer – Interview with Open Mainframe Project

Interview – I am a mainframer

RACF masking algorithm, unmasked

I’d been asked a few times recently for the code that generates the ICHDEX01 RACF masking exit. If you recall, this was the pre-DES (and long pre-KDFAES) algorithm that RACF used to store its passwords. (If you want more detail about this as the other algorithms, see my presentation from SHARE 2016)

The algorithm, through a series of shifts and XORs transforms the user’s 8 character password into the masked equivalent. Quick users will see that the algorithm does little to actually protect the passwords from reverse engineering as there is a 1:1 relationship with the input (plaintext) character in position X to its corresponding output masked character in the same position X.

For example, given algorithm mask(), the following examples hold true:

PLAIN    MASK
A        D57C4C4C4C4C4C4C
A1       D5D07C4C4C4C4C4C
A12      D5D0D32C4C4C4C4C
A123     D5D0D3821C4C4C4C
A1234    D5D0D382B58C4C4C
A12345   D5D0D382B524BC4C
A123456  D5D0D382B52417EC
A1234567 D5D0D382B5241746

PLAIN MASK

A D57C4C4C4C4C4C4C

A1 D5D07C4C4C4C4C4C

A12 D5D0D32C4C4C4C4C

A123 D5D0D3821C4C4C4C

A1234 D5D0D382B58C4C4C

A12345 D5D0D382B524BC4C

A123456 D5D0D382B52417EC

A1234567 D5D0D382B5241746

So all we need do is encode via the algorithm each character until we have positions in the new mask matching the given mask.

The github repo below has both the encoder (ichdex01.py) and brute-forcer (masking_bf.py)

Masking/Demasking python code

Enjoy.

Learn to hack?

Blackhat 2018

Destination: blackhat 2018

Keynote presentation from SHARE Sacramento 2018

I am a mainframer – Interview with Open Mainframe Project

RACF masking algorithm, unmasked

Evil Mainframe training is going abroad

CA World 2017

Mainframes, An Overlooked Cyber Attack Target: Part Two

ArcticCon – Thawing the frame – slide video