Using UNIX System Services to escalate your privileges on z/OS (Pt. #1 of 2) Much has been written about privilege escalation on z/OS, using tried and true methods of abusing UPDATE access to APF-authorized libraries. Suffice to say when the code has made its way to Metasploit, the jig is up. The purpose of this post… Continue reading All aboard the USS Exploits
Learn to hack?
I was asked about sites that help people learn to hack, and/or present hackable applications, virtual machines and websites. The kind people over at twitter were helpful enough to post their favorites. Here is a consolidated list as well as a link to the tweet, lots of other good suggestions in there too. http://overthewire.org/wargames/ http://overthewire.org/wargames/… Continue reading Learn to hack?
Blackhat 2018
Here are my slides (as video) from blackhat 2018 talk. **Note there is no audio – runtime is about 11:40 Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development
Destination: blackhat 2018
Well – I’m pretty excited about this! blackhat 2018 Briefing – MAINFRAME [Z/OS] REVERSE ENGINEERING AND EXPLOIT DEVELOPMENT
Keynote presentation from SHARE Sacramento 2018
Had a few people ask for the actual presentation, so here you are! SHARE 2018 Keynote PPTX (95 Mb)
I am a mainframer – Interview with Open Mainframe Project
Interview – I am a mainframer
RACF masking algorithm, unmasked
I’d been asked a few times recently for the code that generates the ICHDEX01 RACF masking exit. If you recall, this was the pre-DES (and long pre-KDFAES) algorithm that RACF used to store its passwords. (If you want more detail about this as the other algorithms, see my presentation from SHARE 2016) The algorithm, through… Continue reading RACF masking algorithm, unmasked
Evil Mainframe training is going abroad
Watch this space. https://www.evilmainframe.com
CA World 2017
If you’re going to #CAWORLD 2017 – Come see my Tech Talk, “Pervasive Encryption – Speed Round” to hear the basics & practicalities of IBM’s new Dataset Encryption.
Mainframes, An Overlooked Cyber Attack Target: Part Two
Part two of my interview on Mainframes as a Cyber Attack target Mainframes, An Overlooked Cyber Attack Target: Part Two