Using UNIX System Services to escalate your privileges on z/OS (Pt. #1 of 2) Much has been written about privilege escalation on z/OS, using tried and true methods of abusing UPDATE access to APF-authorized libraries. Suffice to say when the code has made its way to Metasploit, the jig is up. The purpose of this post… Continue reading All aboard the USS Exploits
I was asked about sites that help people learn to hack, and/or present hackable applications, virtual machines and websites. The kind people over at twitter were helpful enough to post their favorites. Here is a consolidated list as well as a link to the tweet, lots of other good suggestions in there too. http://overthewire.org/wargames/ http://overthewire.org/wargames/… Continue reading Learn to hack?
Here are my slides (as video) from blackhat 2018 talk. **Note there is no audio – runtime is about 11:40 Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development
Well – I’m pretty excited about this! blackhat 2018 Briefing – MAINFRAME [Z/OS] REVERSE ENGINEERING AND EXPLOIT DEVELOPMENT
Had a few people ask for the actual presentation, so here you are! SHARE 2018 Keynote PPTX (95 Mb)
Interview – I am a mainframer
I’d been asked a few times recently for the code that generates the ICHDEX01 RACF masking exit. If you recall, this was the pre-DES (and long pre-KDFAES) algorithm that RACF used to store its passwords. (If you want more detail about this as the other algorithms, see my presentation from SHARE 2016) The algorithm, through… Continue reading RACF masking algorithm, unmasked
Watch this space. https://www.evilmainframe.com
If you’re going to #CAWORLD 2017 – Come see my Tech Talk, “Pervasive Encryption – Speed Round” to hear the basics & practicalities of IBM’s new Dataset Encryption.
Part two of my interview on Mainframes as a Cyber Attack target Mainframes, An Overlooked Cyber Attack Target: Part Two