Thanks to the folks at ConFoo.ca for hosting my guest post to their blog:
Not having a clear track to [the fresh talent] pipeline is the single biggest security issue and threat to this platform there is.
Next week at SHARE – San Jose, I’m giving a talk on ransomware on z/OS. I’ve been asked multiple times whether I thought ransomware could happen on Z. Is it possible? Unequivocally yes. Come see this talk and watch a live demonstration of how this might work. If you are responsible for mainframe security, work for a company… Continue reading Is that ransomware on your mainframe?
I was asked a week or so ago whether or not I thought z/OS would be susceptible to the types of Java deserialization attacks we’ve seen (a great primer from FoxGlove Security). “Of course!” I replied. However, I don’t like unsubstantiated claims – so I built this POC: It uses the basic ysoserial… Continue reading Mainframes – Java – Deserialization
The first z/OS exploit module in the Metasploit Framework landed last Friday. This is an exploit which takes advantage of a default or poorly configured FTP server. And, it requires valid credentials. However, given this (and it’s a very common configuration), you will be presented with a very nice Unix shell – allowing for deeper… Continue reading A logical first step
Had a great interview with Patrick on the Risky Business podcast. Listen here:
# update 3/31 – added Reverse Shell JCL – this can be used by any direct-to-JES2 delivery method (e.g. FTP, NJE, etc.) – PR #6737. In continuation of adding more mainframe functionality to Metasploit, I’ve built (and am in the process of incorporating) JCL (job control language)-based payloads (and exploits which use them) within the framework. Once… Continue reading JCL Scripting for Metasploit-Framework
I’m presenting on RACF passwords and self-encrypting drives. See you there!
Learn about RACF KDFAES, password cracking, and self-encrypting drives.