Learn to hack?

I was asked about sites that help people learn to hack, and/or present hackable applications, virtual machines and websites. The kind people over at twitter were helpful enough to post their favorites. Here is a consolidated list as well as a link to the tweet, lots of other good suggestions in there too. http://overthewire.org/wargames/ http://overthewire.org/wargames/… Continue reading Learn to hack?

Blackhat 2018

Here are my slides (as video) from blackhat 2018 talk. **Note there is no audio – runtime is about 11:40 Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development

Destination: blackhat 2018

Well – I’m pretty excited about this! blackhat 2018 Briefing – MAINFRAME [Z/OS] REVERSE ENGINEERING AND EXPLOIT DEVELOPMENT

Is that ransomware on your mainframe?

Next week at SHARE – San Jose, I’m giving a talk on ransomware on z/OS.  I’ve been asked multiple times if I thought ransomware could happen on Z, is it possible: Unequivocally yes.  Come see this talk and watch a live demonstration of how this might work.   If you are responsible for mainframe security, work for a company… Continue reading Is that ransomware on your mainframe?

SHARE 2016 Atlanta – Presentation – Mainframe exploits

This is a co-presentation I did with Brian Marshall and Mark Wilson. My slides are the last few, where I demonstrate 3 distinct exploits on the mainframe.  First, off-the-shelf Java with Jboss.  Second, TN3270 SSL MITM (using SETn3270 – thx to @mainframed767) and then use the stolen creds in a mainframe Metasploit module to get… Continue reading SHARE 2016 Atlanta – Presentation – Mainframe exploits