Adventures in securing a “dinosaur”

This blog is my own chronicle of adventures in writing exploits, cryptography, security and who knows what else.   Specifically though, I’m going to start by sharing technical specifics to support my upcoming co-talk at Defcon 23.

Our talk titled “Security Necromancy: Further Adventures in Mainframe Hacking” seeks to educate the security community to actively dig into the z/series (IBM Mainframe) platform by showing how to leverage skills most already have.

Know how to write shellcode?  Great!  We will show you how easy it is to parlay those skills into writing shellcode that will execute on System Z.  Understanding fuzzing and exploit research?  Those skills are easy to apply on this platform as well.

Use your network hacking skills to exploit Network Job Entry (NJE) with some help from Soldier of Fortran to get you started.

Ultimately we want people to understand that, because of its widespread usage as a core system in many critical infrastructures from finance to air travel; its relative obscurity; and lack of real wide-spread exposure to the hacking public; this system is rife with opportunities to be further secured and hardened.  All that is needed is your expertise.

Come join us for a great show @ DEFCON 23, and watch here for ongoing updates before and after.