Setting up a vm on top of linux which communicates via a TAP adapter (on the 10.1.1.x network), I wanted iptables to prevent brute forcing to both the host ports (here 22 for ssh) and ports forwarded to the vm (here 443) as they are exposed to the internet. This little snippet does both by… Continue reading Iptables brute force protection w/ nat
Category: Tips
RSA2017 – Presentation “It’s just a computer”
Who’s gonna run this thing?
Not having a clear track to [the fresh talent] pipeline is the single biggest security issue and threat to this platform there is.
Is that ransomware on your mainframe?
Next week at SHARE – San Jose, I’m giving a talk on ransomware on z/OS. I’ve been asked multiple times if I thought ransomware could happen on Z, is it possible: Unequivocally yes. Come see this talk and watch a live demonstration of how this might work. If you are responsible for mainframe security, work for a company… Continue reading Is that ransomware on your mainframe?
Return Oriented Mainframe Exploits
Things I’ve Learned (and things to come)
I started writing a list of topics I’ve learned, some in excruciating detail, some just enough to know where to look for further details (trust me, that is no small feat). I’m writing this not only as a way of keeping me honest on those days when nothing goes right, but also as a way to… Continue reading Things I’ve Learned (and things to come)
Mainframe Shell – Metasploit Framework
When Metasploit meets Mainframe
Bind Shell – shellcode and source
This is an addendum to the last post. Here is shellcode (and it’s stripped down source) that achieve the same goal as the prior post. The difference is the payload is XOR encoded and the shellcode, and it’s source, have a built in decoder stub that decodes the payload in memory then jumps to… Continue reading Bind Shell – shellcode and source
Tips / Tricks – 7/2/15 (update)
Updated. Added update to the packet capture section below, included pcap export! ISPF editor Want more real estate in your ISPF editor? In an editing session enter EDSET in the command line, then check the line marked: X Remove action bars in ISPF edit and view panels This will remove the menu bars and… Continue reading Tips / Tricks – 7/2/15 (update)