All aboard the USS Exploits

Using UNIX System Services to escalate your privileges on z/OS (Pt. #1 of 2) Much has been written about privilege escalation on z/OS, using tried and true methods of abusing UPDATE access to APF-authorized libraries. Suffice to say when the code has made its way to Metasploit, the jig is up. The purpose of this post… Continue reading All aboard the USS Exploits

CA World 2017

If you’re going to #CAWORLD 2017 – Come see my Tech Talk, “Pervasive Encryption – Speed Round” to hear the basics & practicalities of IBM’s new Dataset Encryption.

VIDEO – Z Ransomware – SHARE 2017-San Jose

For anyone who missed my talk at SHARE 2017 – Ransomware on Z – Checkmate! Here it is in its entirety. Enjoy! Ransomware on Z – Checkmate! Please note that these videos and all videos released by SHARE are copyrighted by SHARE and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license. http://creativecommons.org/licenses/by-nc-nd/3.0/ This means… Continue reading VIDEO – Z Ransomware – SHARE 2017-San Jose

Metasploit, now with Privilege Escalation!

Update: The PR was accepted. Update your Metasploit installation and have a look! Version 1 of an APF privilege escalation (Requires Creds) of a metasploit module has been submitted for inclusion. This version has no bells or whistles. You can view it here: PR# 8228 z/OS Privesc via authorized APF library write access