Using UNIX System Services to escalate your privileges on z/OS (Pt. #1 of 2) Much has been written about privilege escalation on z/OS, using tried and true methods of abusing UPDATE access to APF-authorized libraries. Suffice to say when the code has made its way to Metasploit, the jig is up. The purpose of this post… Continue reading All aboard the USS Exploits
Category: Exploit Development
Mainframes, An Overlooked Cyber Attack Target: Part Two
Part two of my interview on Mainframes as a Cyber Attack target Mainframes, An Overlooked Cyber Attack Target: Part Two
ArcticCon – Thawing the frame – slide video
Enjoy – Thawing the frame from ArcticCon Watch the video (no audio) of the slides here:
VIDEO – Z Ransomware – SHARE 2017-San Jose
For anyone who missed my talk at SHARE 2017 – Ransomware on Z – Checkmate! Here it is in its entirety. Enjoy! Ransomware on Z – Checkmate! Please note that these videos and all videos released by SHARE are copyrighted by SHARE and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license. http://creativecommons.org/licenses/by-nc-nd/3.0/ This means… Continue reading VIDEO – Z Ransomware – SHARE 2017-San Jose
Metasploit, now with Privilege Escalation!
Update: The PR was accepted. Update your Metasploit installation and have a look! Version 1 of an APF privilege escalation (Requires Creds) of a metasploit module has been submitted for inclusion. This version has no bells or whistles. You can view it here: PR# 8228 z/OS Privesc via authorized APF library write access
SP4RKCON 2017 – Hacking mainframes for CICS and giggles
Here’s the presentation I gave at sp4rkcon: Hacking mainframe for CICS and giggles (PPTX ~43mb)
SHARE2017 – Presentations
SHARE 2017 Mainframe Pentesting SHARE 2017 Ransomware Mainframe Checkmate
Is that ransomware on your mainframe?
Next week at SHARE – San Jose, I’m giving a talk on ransomware on z/OS. I’ve been asked multiple times if I thought ransomware could happen on Z, is it possible: Unequivocally yes. Come see this talk and watch a live demonstration of how this might work. If you are responsible for mainframe security, work for a company… Continue reading Is that ransomware on your mainframe?
Return Oriented Mainframe Exploits
Mainframes – Java – Deserialization
I was asked a week or so ago whether or not I thought z/OS would be susceptible to the types of Java deserialization attacks we’ve seen (a great primer from Fox Glove Security). Of course!, I replied. However, I don’t like unsubstantiated claims – so I built this POC: It uses the basic ysoserial… Continue reading Mainframes – Java – Deserialization