SlideShare a Scribd company logo

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_girls_chd_v1.0

n|u - The Open Security Community
n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_girls_chd_v1.0

Education
1 of 38
Download to read offline
Gibson 101 QUICK INTRODUCTION TO HACKING MAINFRAMES IN 2020
Thanks ▪ You awesome people for being here ▪ Phil (Soldier of Fortran - @mainframed767) ▪ Chad (@bigendiansmalls) ▪ Ayoub (@ayoul3__) ▪ Many other mainframe security researchers January 19, 2020 NULL CHAPTER - CHANDIGARH 2 Ref: https://rlv.zcache.com/funny_japanese_akita_with_cute_smile_thank_you_card-r7c85cc2bcb8f48a5b29047d2781ed5f4_xvuat_8byvr_324.jpg
About Me ▪ Organizer – BSides Singapore ▪ Principal Security Consultant at SEC Consult – Singapore ▪ Do the H4kS on daily basis – Web, Mobile apps & Infra mainly ▪ 7+ years in Information Security ▪ Author of XVWA – WebAppSec learning app ▪ Interested in Windows Exploit development, SDR & Mainframes ▪ Licensed Scuba/Sky diver ▪ Travels in free time (https://www.aroundtheglobe.life/) ▪ Tweet me @samanl33t January 19, 2020 NULL CHAPTER - CHANDIGARH 3
What to expect … ▪ Basic Idea of Mainframe systems ▪ Lots of new words and terminologies ▪ Probable overflow of Information in 1 hour. ▪ Attack kill-chain for Mainframes ▪ Demos (Yes!) ▪ (Hopefully) a trigger for curiosity about mainframes January 19, 2020 NULL CHAPTER - CHANDIGARH 4
What is a Mainframe? This.. January 19, 2020 NULL CHAPTER - CHANDIGARH 5 Ref: https://www.dailyhostnews.com/wp-content/uploads/2018/04/derver-1050x600.jpg
What is a Mainframe And this.. January 19, 2020 NULL CHAPTER - CHANDIGARH 6 Ref: https://upload.wikimedia.org/wikipedia/commons/thumb/f/fc/Glowing_IBM_z13_and_clock_-_cropped.JPG/1200px-Glowing_IBM_z13_and_clock_-_cropped.JPG
What is a Mainframe? ▪ Mainly Z/OS or IBM system Z ▪ Not AS400 (System i) ▪ Widely used Business critical system – Banks, Insurance, Airlines.. ▪ Not Legacy – IBMZ15 released few months ago. ▪ Available since 1950s ▪ Handles millions of Input/output per second. ▪ God of backwards compatibility ▪ Built for RAS (Reliability, Availability, Serviceability) ▪ Supports many languages – HLASM, COBOL, C, Java, JCL, REXX, CLIST, Python etc. January 19, 2020 NULL CHAPTER - CHANDIGARH 7
z15 Specs ▪ 190 processors – 12 core, 5.2 GHz each ▪ 40 TB of RAM ▪ Dedicated processors for managing I/O ▪ Dedicated processors for Encryption/Decryption January 19, 2020 NULL CHAPTER - CHANDIGARH 8
January 19, 2020 NULL CHAPTER - CHANDIGARH 9 Why is this relevant?
January 19, 2020 NULL CHAPTER - CHANDIGARH 10 Ref: http://ibmmainframes.com/references/a41.html
z/OS Terminal January 19, 2020 NULL CHAPTER - CHANDIGARH 11
Talking Mainframe.. ▪ LPARS – Logical Partitions (Hosts/Servers) ▪ VTAM – Virtual Telecommunications Access method ▪ DASD – Direct Access Storage Devices (Basically hard drives) ▪ Storage – Memory ▪ TSO – Time Sharing Option (z/OS Shell) ▪ IPL – Initial Program Load – Booting the mainframe ▪ Sysprog – System Programs, Operators – Console Operators ▪ MVS, OS390 – Old names for Z/OS January 19, 2020 NULL CHAPTER - CHANDIGARH 12 https://rainmaker.fm/wp-content/uploads/2015/06/themainframe2-350x350.png
Talking Mainframe – Files/Folders ▪ Called Datasets ▪ Starts with High Level Qualifier (HLQ) For example : “NULLCHD” in “NULLCHD.TEST.FILE” ▪ Two types: ▪ Sequential Datasets Use . (“DOT”) naming convention Example : NULLCHD.TEST.FILE , where NULLCHD is HLQ, TEST is like a folder and FILE is the file. ▪ Partitioned Datasets Also called Libraries, Libs Example : NULLCHD.TEST(FILE), where NULLCHD is HLQ, TEST is the Library and FILE is the member of library ▪ Files are called “members of a dataset” in case of PDS January 19, 2020 NULL CHAPTER - CHANDIGARH 13
Connecting to z/OS system ▪ TN3270 protocol ▪ Basically Telnet on weed ▪ Uses EBCDIC (Not ASCII) ▪ Clear-text ▪ TN3270 over SSL is also used (port 992) ▪ Emulators: ▪ X3270 ▪ W3270 (Windows) ▪ C3270 ▪ VTAM : The first screen you see when you connect over TN3270 January 19, 2020 NULL CHAPTER - CHANDIGARH 14 https://upload.wikimedia.org/wikipedia/commons/a/a8/IBM-3279.jpg
Time Sharing Option (TSO) ▪ Command prompt for Z/OS ▪ Not so user friendly ▪ Accepts commands like: ▪ ping ▪ netstat home ▪ Listuser (LU) January 19, 2020 NULL CHAPTER - CHANDIGARH 15
Time Sharing Option (TSO) January 19, 2020 NULL CHAPTER - CHANDIGARH 16
Interactive System Productivity Facility (ISPF) ▪ GUI for Z/OS ▪ User friendly January 19, 2020 NULL CHAPTER - CHANDIGARH 17
Unix on Mainframe – USS/OMVS ▪ Unix System Services (USS) ▪ Implements TCP/IP stack ▪ Used in almost all Z/OS systems today ▪ Webserver, FTP, SSH etc. configured and works from here. ▪ Supports a lot of standard Unix commands ▪ Comes with Z/OS specific UNIX commands January 19, 2020 NULL CHAPTER - CHANDIGARH 18
Unix on Mainframe – USS/OMVS January 19, 2020 NULL CHAPTER - CHANDIGARH 19
Other interfaces ▪ FTP ▪ SSH ▪ Telnet – Normal telnet ▪ NJE – Network Job Entries ▪ Connect:Direct (C:D) ▪ Message Queues (MQs) ▪ Etc.. January 19, 2020 NULL CHAPTER - CHANDIGARH 20
Mainframe Applications ▪ Applications for Transaction management ▪ CICS – Customer Information Control System ▪ Most common today ▪ IMS – Information Management System ▪ Trust on the Client-side. ▪ Batch processing ▪ Out of scope for this talk January 19, 2020 NULL CHAPTER - CHANDIGARH 21 Ref: https://www.ibm.com/ibm/history/ibm100/images/icp/T891660T84208Q97/us__en_us__ibm100__cics__application_screen__620x350.jpg
January 19, 2020 NULL CHAPTER - CHANDIGARH 22 Demo 1 – Mainframe (z/OS) Interface Ref: https://imgc.allpostersimages.com/images/P-473-488-90/65/6599/39P2100Z/posters/mick-stevens-we-met-20-years-ago-when-tom-hacked-into-my-mainframe-cartoon.jpg
Z/OS Security Architecture ▪ By design – a Strong Security Architecture. ▪ Strong segregation for each program running on the system ▪ This segregation prevents programs interfering with other programs as well as the Operating System. ▪ Unless system is modified to set such privileges for a program (privileged programs) ▪ Privileged programs can bypass ALL security controls. January 19, 2020 NULL CHAPTER - CHANDIGARH 23
z/OS Security Controls Two Types: ▪ Hardware based security controls ▪ Supervisor State – Restricts privileged hardware instructions ▪ Protect Keys – Restricts memory a program can update ▪ Address Spaces – Restricts memory a program can read ▪ Software based security controls: ▪ RACF (IBM) ▪ ACF/2 (CA) ▪ TopSecret (CA) Purpose of software-based controls is to check what a user is authorized to access and do. January 19, 2020 NULL CHAPTER - CHANDIGARH 24
Resource Access Control Facility (RACF) ▪ Makes about 75% of the market ▪ Almost everything is controlled via RACF ▪ Stores everything in a RACF DB ▪ Password hashes as well ▪ Users and other resources are assigned attributes defining their privilege level: ▪ Super User access is called "SPECIAL" (SPECIAL Attribute) ▪ Default passwords are 6/8 characters (all CAPS, 3 special characters) ▪ Default User - IBMUSER/SYS1 ▪ Usually disabled ▪ Allows: WARNING Mode & SURROGATE Profiles January 19, 2020 NULL CHAPTER - CHANDIGARH 25
January 19, 2020 NULL CHAPTER - CHANDIGARH 26 Hacking/Pentesting Mainframes Ref: http://www.quickmeme.com/img/9e/9e8b15a7bd7ba7c33486602aaee307be487ac260811100613ee3535ca0aa0bb1.jpg
Hacking/Pentesting Mainframes Common Scope: ▪ Z/OS system - which includes complete OS,RACF, TSO etc. ▪ Mainframe Applications – CICS, IMS etc. Approach: Initial recon > Gaining Access > Local Recon > Privilege Escalation January 19, 2020 NULL CHAPTER - CHANDIGARH 27
Hacking Mainframes – Initial Recon ▪ Nmap Scanning ▪ Open Ports/Running Services ▪ NMAP scripts to enumerate following information (by Phil Young) ▪ VTAM (APPLIDs) ▪ Logical Units (LUs) ▪ TSO User Ids ▪ CICS transactions ▪ Look for: ▪ Telnet 3270 - Port 23/992 (and variants) ▪ FTP - Port 21 (and variants) ▪ NJE Services ▪ MQ and Connect:Direct Services – 1414 & 1363,1364. January 19, 2020 NULL CHAPTER - CHANDIGARH 28
Hacking Mainframes – Gaining Access ▪Default Accounts - IBMUSER/SYS1 ▪ most likely disabled ▪Bruteforcing TSO user accounts ▪ Accounts might get locked after 3 attempts ▪ Applies to TSO, FTP, SSH etc. ▪Steal credentials ▪ MiTM ▪ Phishing (SETn3270) ▪Using FTP ▪ Uploading the JCL and executing it to get reverse shell ▪ Manually ▪ Metasploit ▪ TSh0cker January 19, 2020 NULL CHAPTER - CHANDIGARH 29
Hacking Mainframes – Gaining Access ▪Using Credentials ▪ Most likely provided for Grey box pentest ▪CICS Applications ▪ This is usually when the CICS applications are in scope. ▪ Some sensitive transactions are accessible without authentication. ▪ Tools/Scripts: ▪ CICSPwn ▪ BRIDA ▪Other Usual Ways ▪ Webservers ▪ DB2 ▪ Other vulnerable network services January 19, 2020 NULL CHAPTER - CHANDIGARH 30 Ref: https://nmap.org/movies/matrix/access_granted.jpg
Hacking Mainframes – Local Recon ▪Check for your current user’s security (RACF) attribute ▪If you’re already “SPECIAL” or “OPERATOR”, you have access to everything. ▪ Look for following: ▪ Basic System information – version info, security software used (RACF/AFC2 etc.) etc. ▪ Interesting files with configuration of other services (MQ, C:D Netmap files etc.) ▪ SURROGATE Users ▪ Users with access to USS etc. ▪ REXX ENUM Script: https://github.com/mainframed/Enumeration January 19, 2020 NULL CHAPTER - CHANDIGARH 31
Hacking Mainframes – Local Recon ▪Manual Way (commands/utils) ▪ IPLINFO ▪ SHOWZOS ▪ TASID ▪Using SEARCH command ▪ List of APF Authorized Libraries ▪ List of SVCs (Supervisor Calls) ▪ Running JOBs ▪Enumeration in USS/OMVS ▪ Check for 'a' attribute (APF authorized Libraries) ▪ Usual unix enumeration - crontabs, config files, webserver folders, files, January 19, 2020 NULL CHAPTER - CHANDIGARH 32
Hacking Mainframes – Privilege Escalation ▪RACF ▪ Cracking Passwords ▪ SURROGATE Profiles ▪ submit Job as SURROGATE user (using JCL) ▪Unix Privilege Escalation ▪ BPX.SUPERUSER? ▪ Permissions on su to root without password ▪ BPX.FILEATTR.APF ▪ Create APF Auth files (+a) ▪ SUPERUSER.FILESYS.MOUNT ▪ Mount malicious filesystem with SPF/SETUID ▪ UID = 0 is NOT gaining SPECIAL on z/OS January 19, 2020 NULL CHAPTER - CHANDIGARH 33
Hacking Mainframes – Privilege Escalation ▪APF Auth libraries: ▪ If you have UPDATE access on any of APF libraries, you can do whatever you want. ▪SVC (Supervisor Calls) ▪Tools/Scripts - ▪ ELV.APF (By Ayoub) - https://github.com/ayoul3/Privesc ▪ Metasploit (apf_privesc_jcl) ▪ Mount malicious filesystem with SPF/SETUID January 19, 2020 NULL CHAPTER - CHANDIGARH 34
January 19, 2020 NULL CHAPTER - CHANDIGARH 35 Demo 2 – From nothing to SPECIAL
Challenges ▪ Challenges: ▪ A common belief - “Our Mainframe is Secure because it’s not accessible from over the internet” ▪ Every organization will have their own mainframe configuration (and it varies a lot) ▪ Highly protected systems in an organization. ▪ Making them hard to get information about. ▪ Mainframe teams are usually the only people in an organization who knows about these system. ▪ Everything is documented, but too many documents On the other hand: ▪ Modern mainframers are super helpful and are security aware. ▪ The Security community has started to gain interest in mainframes recently January 19, 2020 NULL CHAPTER - CHANDIGARH 36
Where to go from here? ▪ Start exploring z/OS mainframes: ▪ Master the Mainframe contest by IBM (https://masterthemainframe.com/) ▪ Your company’s mainframes are the easiest and hardest to explore. ▪ Setup local lab with Hercules & Turnkey ▪ zD&T – if you can afford. ▪ Develop more resources and tools to aid in mainframe security research. ▪ Connect:Direct is unexplored as of now. January 19, 2020 NULL CHAPTER - CHANDIGARH 37
January 19, 2020 NULL CHAPTER - CHANDIGARH 38 Overwhelmed? Twitter: @samanl33t Email: saman.j.l33t@gmail.com Awesome Mainframe Hacking Resources : https://github.com/samanL33T/Awesome-Mainframe-Hacking Ref: http://www.quickmeme.com/img/31/3182781d07db4c2024894ca56ac3dfaeaed9d7c657139cc3499c662644f18c0e.jpg

Recommended

PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)Pace IT at Edmonds Community College
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Kannan Ganapathy
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior Rotkovitch
 
Oop
OopOop
Oopdevikarb
 
Linux networking
Linux networkingLinux networking
Linux networkingArie Bregman
 
Directory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksDirectory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksRaghav Bisht
 
Make static instrumentation great again, High performance fuzzing for Windows...
Make static instrumentation great again, High performance fuzzing for Windows...Make static instrumentation great again, High performance fuzzing for Windows...
Make static instrumentation great again, High performance fuzzing for Windows...Lucas Leong
 
Introduction to threat_modeling
Introduction to threat_modelingIntroduction to threat_modeling
Introduction to threat_modelingPrabath Siriwardena
 

Recommended

PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)Pace IT at Edmonds Community College
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Kannan Ganapathy
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior Rotkovitch
 
Oop
OopOop
Oopdevikarb
 
Linux networking
Linux networkingLinux networking
Linux networkingArie Bregman
 
Directory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksDirectory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksRaghav Bisht
 
Make static instrumentation great again, High performance fuzzing for Windows...
Make static instrumentation great again, High performance fuzzing for Windows...Make static instrumentation great again, High performance fuzzing for Windows...
Make static instrumentation great again, High performance fuzzing for Windows...Lucas Leong
 
Introduction to threat_modeling
Introduction to threat_modelingIntroduction to threat_modeling
Introduction to threat_modelingPrabath Siriwardena
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack XXE - XML External Entity Attack
XXE - XML External Entity Attack Cysinfo Cyber Security Community
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamerJorge Orchilles
 
Windows Operating System Archaeology
Windows Operating System ArchaeologyWindows Operating System Archaeology
Windows Operating System Archaeologyenigma0x3
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring FrameworkMehul Jariwala
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Rihab Chebbah
 
Gayle McDowell: Cracking the coding interview
Gayle McDowell: Cracking the coding interviewGayle McDowell: Cracking the coding interview
Gayle McDowell: Cracking the coding interviewzukun
 
What is component in reactjs
What is component in reactjsWhat is component in reactjs
What is component in reactjsmanojbkalla
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers Emertxe Information Technologies Pvt Ltd
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection Lior Rotkovitch
 
Android組み込み開発テキスト pandaboard es編
Android組み込み開発テキスト pandaboard es編Android組み込み開発テキスト pandaboard es編
Android組み込み開発テキスト pandaboard es編OESF Education
 
Linux Ethernet device driver
Linux Ethernet device driverLinux Ethernet device driver
Linux Ethernet device driver艾鍗科技
 
HTML Fundamentals
HTML FundamentalsHTML Fundamentals
HTML FundamentalsBG Java EE Course
 
[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?Tomohisa Ishikawa, CISSP, CSSLP, CISA, CISM, CFE
 
Real world DSL - making technical and business people speaking the same language
Real world DSL - making technical and business people speaking the same languageReal world DSL - making technical and business people speaking the same language
Real world DSL - making technical and business people speaking the same languageMario Fusco
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersChang W. Doh
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocketKamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocketCrocodile WebRTC SDK and Cloud Signalling Network
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
FOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
FOSDEM 2013 - SIP and MSRP over WebSocket in KamailioFOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
FOSDEM 2013 - SIP and MSRP over WebSocket in KamailioCrocodile WebRTC SDK and Cloud Signalling Network
 
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Nelson Calero
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPTomar awad
 

More Related Content

What's hot

So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamerJorge Orchilles
 
Windows Operating System Archaeology
Windows Operating System ArchaeologyWindows Operating System Archaeology
Windows Operating System Archaeologyenigma0x3
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Rihab Chebbah
 
Gayle McDowell: Cracking the coding interview
Gayle McDowell: Cracking the coding interviewGayle McDowell: Cracking the coding interview
Gayle McDowell: Cracking the coding interviewzukun
 
What is component in reactjs
What is component in reactjsWhat is component in reactjs
What is component in reactjsmanojbkalla
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection Lior Rotkovitch
 
Android組み込み開発テキスト pandaboard es編
Android組み込み開発テキスト pandaboard es編Android組み込み開発テキスト pandaboard es編
Android組み込み開発テキスト pandaboard es編OESF Education
 
Linux Ethernet device driver
Linux Ethernet device driverLinux Ethernet device driver
Linux Ethernet device driver艾鍗科技
 
Real world DSL - making technical and business people speaking the same language
Real world DSL - making technical and business people speaking the same languageReal world DSL - making technical and business people speaking the same language
Real world DSL - making technical and business people speaking the same languageMario Fusco
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersChang W. Doh
 

What's hot (15)

XXE - XML External Entity Attack
XXE - XML External Entity Attack XXE - XML External Entity Attack
XXE - XML External Entity Attack
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
 
Windows Operating System Archaeology
Windows Operating System ArchaeologyWindows Operating System Archaeology
Windows Operating System Archaeology
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring Framework
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016
 
Gayle McDowell: Cracking the coding interview
Gayle McDowell: Cracking the coding interviewGayle McDowell: Cracking the coding interview
Gayle McDowell: Cracking the coding interview
 
What is component in reactjs
What is component in reactjsWhat is component in reactjs
What is component in reactjs
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection
 
Android組み込み開発テキスト pandaboard es編
Android組み込み開発テキスト pandaboard es編Android組み込み開発テキスト pandaboard es編
Android組み込み開発テキスト pandaboard es編
 
Linux Ethernet device driver
Linux Ethernet device driverLinux Ethernet device driver
Linux Ethernet device driver
 
HTML Fundamentals
HTML FundamentalsHTML Fundamentals
HTML Fundamentals
 
[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?[AVTOKYO 2017] What is red team?
[AVTOKYO 2017] What is red team?
 
Real world DSL - making technical and business people speaking the same language
Real world DSL - making technical and business people speaking the same languageReal world DSL - making technical and business people speaking the same language
Real world DSL - making technical and business people speaking the same language
 
Ninja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for BeginnersNinja Build: Simple Guide for Beginners
Ninja Build: Simple Guide for Beginners
 

Similar to Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_girls_chd_v1.0

Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Nelson Calero
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPTomar awad
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 
Linux kernel status in RISC-V
Linux kernel status in RISC-VLinux kernel status in RISC-V
Linux kernel status in RISC-VAtish Patra
 
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...mfrancis
 
Top 5 Encryption Myths for IBM i Users
Top 5 Encryption Myths for IBM i UsersTop 5 Encryption Myths for IBM i Users
Top 5 Encryption Myths for IBM i UsersPrecisely
 
PLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursPLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursDavid Busby, CISSP
 
FreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBCFreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBCMoises Silva
 
Raspberry Pi and Amateur Radio - 2020 update
Raspberry Pi and Amateur Radio - 2020 updateRaspberry Pi and Amateur Radio - 2020 update
Raspberry Pi and Amateur Radio - 2020 updateKevin Hooke
 
Top 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAPTop 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAPERPScan
 
Nagios Conference 2013 - Luis Contreras - Nagios in Wind Telcom
Nagios Conference 2013 - Luis Contreras - Nagios in Wind TelcomNagios Conference 2013 - Luis Contreras - Nagios in Wind Telcom
Nagios Conference 2013 - Luis Contreras - Nagios in Wind TelcomNagios
 
IoT with Ruby/mruby - RubyWorld Conference 2015
IoT with Ruby/mruby - RubyWorld Conference 2015IoT with Ruby/mruby - RubyWorld Conference 2015
IoT with Ruby/mruby - RubyWorld Conference 2015哲也 廣田
 
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...PROIDEA
 
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...Databricks
 

Similar to Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_girls_chd_v1.0 (20)

Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
 
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocketKamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
FOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
FOSDEM 2013 - SIP and MSRP over WebSocket in KamailioFOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
FOSDEM 2013 - SIP and MSRP over WebSocket in Kamailio
 
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPT
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
 
Linux kernel status in RISC-V
Linux kernel status in RISC-VLinux kernel status in RISC-V
Linux kernel status in RISC-V
 
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
 
resume_english
resume_englishresume_english
resume_english
 
Top 5 Encryption Myths for IBM i Users
Top 5 Encryption Myths for IBM i UsersTop 5 Encryption Myths for IBM i Users
Top 5 Encryption Myths for IBM i Users
 
PLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursPLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yours
 
FreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBCFreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBC
 
Raspberry Pi and Amateur Radio - 2020 update
Raspberry Pi and Amateur Radio - 2020 updateRaspberry Pi and Amateur Radio - 2020 update
Raspberry Pi and Amateur Radio - 2020 update
 
Top 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAPTop 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAP
 
Nagios Conference 2013 - Luis Contreras - Nagios in Wind Telcom
Nagios Conference 2013 - Luis Contreras - Nagios in Wind TelcomNagios Conference 2013 - Luis Contreras - Nagios in Wind Telcom
Nagios Conference 2013 - Luis Contreras - Nagios in Wind Telcom
 
IoT with Ruby/mruby - RubyWorld Conference 2015
IoT with Ruby/mruby - RubyWorld Conference 2015IoT with Ruby/mruby - RubyWorld Conference 2015
IoT with Ruby/mruby - RubyWorld Conference 2015
 
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
 
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
 

More from n|u - The Open Security Community

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 
News bytes null 200314121904
News bytes null 200314121904News bytes null 200314121904
News bytes null 200314121904
 

Recently uploaded

HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEaurabinda banchhor
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 

Recently uploaded (20)

YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSE
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Project
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_girls_chd_v1.0

  • 1. Gibson 101 QUICK INTRODUCTION TO HACKING MAINFRAMES IN 2020
  • 2. Thanks ▪ You awesome people for being here ▪ Phil (Soldier of Fortran - @mainframed767) ▪ Chad (@bigendiansmalls) ▪ Ayoub (@ayoul3__) ▪ Many other mainframe security researchers January 19, 2020 NULL CHAPTER - CHANDIGARH 2 Ref: https://rlv.zcache.com/funny_japanese_akita_with_cute_smile_thank_you_card-r7c85cc2bcb8f48a5b29047d2781ed5f4_xvuat_8byvr_324.jpg
  • 3. About Me ▪ Organizer – BSides Singapore ▪ Principal Security Consultant at SEC Consult – Singapore ▪ Do the H4kS on daily basis – Web, Mobile apps & Infra mainly ▪ 7+ years in Information Security ▪ Author of XVWA – WebAppSec learning app ▪ Interested in Windows Exploit development, SDR & Mainframes ▪ Licensed Scuba/Sky diver ▪ Travels in free time (https://www.aroundtheglobe.life/) ▪ Tweet me @samanl33t January 19, 2020 NULL CHAPTER - CHANDIGARH 3
  • 4. What to expect … ▪ Basic Idea of Mainframe systems ▪ Lots of new words and terminologies ▪ Probable overflow of Information in 1 hour. ▪ Attack kill-chain for Mainframes ▪ Demos (Yes!) ▪ (Hopefully) a trigger for curiosity about mainframes January 19, 2020 NULL CHAPTER - CHANDIGARH 4
  • 5. What is a Mainframe? This.. January 19, 2020 NULL CHAPTER - CHANDIGARH 5 Ref: https://www.dailyhostnews.com/wp-content/uploads/2018/04/derver-1050x600.jpg
  • 6. What is a Mainframe And this.. January 19, 2020 NULL CHAPTER - CHANDIGARH 6 Ref: https://upload.wikimedia.org/wikipedia/commons/thumb/f/fc/Glowing_IBM_z13_and_clock_-_cropped.JPG/1200px-Glowing_IBM_z13_and_clock_-_cropped.JPG
  • 7. What is a Mainframe? ▪ Mainly Z/OS or IBM system Z ▪ Not AS400 (System i) ▪ Widely used Business critical system – Banks, Insurance, Airlines.. ▪ Not Legacy – IBMZ15 released few months ago. ▪ Available since 1950s ▪ Handles millions of Input/output per second. ▪ God of backwards compatibility ▪ Built for RAS (Reliability, Availability, Serviceability) ▪ Supports many languages – HLASM, COBOL, C, Java, JCL, REXX, CLIST, Python etc. January 19, 2020 NULL CHAPTER - CHANDIGARH 7
  • 8. z15 Specs ▪ 190 processors – 12 core, 5.2 GHz each ▪ 40 TB of RAM ▪ Dedicated processors for managing I/O ▪ Dedicated processors for Encryption/Decryption January 19, 2020 NULL CHAPTER - CHANDIGARH 8
  • 9. January 19, 2020 NULL CHAPTER - CHANDIGARH 9 Why is this relevant?
  • 10. January 19, 2020 NULL CHAPTER - CHANDIGARH 10 Ref: http://ibmmainframes.com/references/a41.html
  • 11. z/OS Terminal January 19, 2020 NULL CHAPTER - CHANDIGARH 11
  • 12. Talking Mainframe.. ▪ LPARS – Logical Partitions (Hosts/Servers) ▪ VTAM – Virtual Telecommunications Access method ▪ DASD – Direct Access Storage Devices (Basically hard drives) ▪ Storage – Memory ▪ TSO – Time Sharing Option (z/OS Shell) ▪ IPL – Initial Program Load – Booting the mainframe ▪ Sysprog – System Programs, Operators – Console Operators ▪ MVS, OS390 – Old names for Z/OS January 19, 2020 NULL CHAPTER - CHANDIGARH 12 https://rainmaker.fm/wp-content/uploads/2015/06/themainframe2-350x350.png
  • 13. Talking Mainframe – Files/Folders ▪ Called Datasets ▪ Starts with High Level Qualifier (HLQ) For example : “NULLCHD” in “NULLCHD.TEST.FILE” ▪ Two types: ▪ Sequential Datasets Use . (“DOT”) naming convention Example : NULLCHD.TEST.FILE , where NULLCHD is HLQ, TEST is like a folder and FILE is the file. ▪ Partitioned Datasets Also called Libraries, Libs Example : NULLCHD.TEST(FILE), where NULLCHD is HLQ, TEST is the Library and FILE is the member of library ▪ Files are called “members of a dataset” in case of PDS January 19, 2020 NULL CHAPTER - CHANDIGARH 13
  • 14. Connecting to z/OS system ▪ TN3270 protocol ▪ Basically Telnet on weed ▪ Uses EBCDIC (Not ASCII) ▪ Clear-text ▪ TN3270 over SSL is also used (port 992) ▪ Emulators: ▪ X3270 ▪ W3270 (Windows) ▪ C3270 ▪ VTAM : The first screen you see when you connect over TN3270 January 19, 2020 NULL CHAPTER - CHANDIGARH 14 https://upload.wikimedia.org/wikipedia/commons/a/a8/IBM-3279.jpg
  • 15. Time Sharing Option (TSO) ▪ Command prompt for Z/OS ▪ Not so user friendly ▪ Accepts commands like: ▪ ping ▪ netstat home ▪ Listuser (LU) January 19, 2020 NULL CHAPTER - CHANDIGARH 15
  • 16. Time Sharing Option (TSO) January 19, 2020 NULL CHAPTER - CHANDIGARH 16
  • 17. Interactive System Productivity Facility (ISPF) ▪ GUI for Z/OS ▪ User friendly January 19, 2020 NULL CHAPTER - CHANDIGARH 17
  • 18. Unix on Mainframe – USS/OMVS ▪ Unix System Services (USS) ▪ Implements TCP/IP stack ▪ Used in almost all Z/OS systems today ▪ Webserver, FTP, SSH etc. configured and works from here. ▪ Supports a lot of standard Unix commands ▪ Comes with Z/OS specific UNIX commands January 19, 2020 NULL CHAPTER - CHANDIGARH 18
  • 19. Unix on Mainframe – USS/OMVS January 19, 2020 NULL CHAPTER - CHANDIGARH 19
  • 20. Other interfaces ▪ FTP ▪ SSH ▪ Telnet – Normal telnet ▪ NJE – Network Job Entries ▪ Connect:Direct (C:D) ▪ Message Queues (MQs) ▪ Etc.. January 19, 2020 NULL CHAPTER - CHANDIGARH 20
  • 21. Mainframe Applications ▪ Applications for Transaction management ▪ CICS – Customer Information Control System ▪ Most common today ▪ IMS – Information Management System ▪ Trust on the Client-side. ▪ Batch processing ▪ Out of scope for this talk January 19, 2020 NULL CHAPTER - CHANDIGARH 21 Ref: https://www.ibm.com/ibm/history/ibm100/images/icp/T891660T84208Q97/us__en_us__ibm100__cics__application_screen__620x350.jpg
  • 22. January 19, 2020 NULL CHAPTER - CHANDIGARH 22 Demo 1 – Mainframe (z/OS) Interface Ref: https://imgc.allpostersimages.com/images/P-473-488-90/65/6599/39P2100Z/posters/mick-stevens-we-met-20-years-ago-when-tom-hacked-into-my-mainframe-cartoon.jpg
  • 23. Z/OS Security Architecture ▪ By design – a Strong Security Architecture. ▪ Strong segregation for each program running on the system ▪ This segregation prevents programs interfering with other programs as well as the Operating System. ▪ Unless system is modified to set such privileges for a program (privileged programs) ▪ Privileged programs can bypass ALL security controls. January 19, 2020 NULL CHAPTER - CHANDIGARH 23
  • 24. z/OS Security Controls Two Types: ▪ Hardware based security controls ▪ Supervisor State – Restricts privileged hardware instructions ▪ Protect Keys – Restricts memory a program can update ▪ Address Spaces – Restricts memory a program can read ▪ Software based security controls: ▪ RACF (IBM) ▪ ACF/2 (CA) ▪ TopSecret (CA) Purpose of software-based controls is to check what a user is authorized to access and do. January 19, 2020 NULL CHAPTER - CHANDIGARH 24
  • 25. Resource Access Control Facility (RACF) ▪ Makes about 75% of the market ▪ Almost everything is controlled via RACF ▪ Stores everything in a RACF DB ▪ Password hashes as well ▪ Users and other resources are assigned attributes defining their privilege level: ▪ Super User access is called "SPECIAL" (SPECIAL Attribute) ▪ Default passwords are 6/8 characters (all CAPS, 3 special characters) ▪ Default User - IBMUSER/SYS1 ▪ Usually disabled ▪ Allows: WARNING Mode & SURROGATE Profiles January 19, 2020 NULL CHAPTER - CHANDIGARH 25
  • 26. January 19, 2020 NULL CHAPTER - CHANDIGARH 26 Hacking/Pentesting Mainframes Ref: http://www.quickmeme.com/img/9e/9e8b15a7bd7ba7c33486602aaee307be487ac260811100613ee3535ca0aa0bb1.jpg
  • 27. Hacking/Pentesting Mainframes Common Scope: ▪ Z/OS system - which includes complete OS,RACF, TSO etc. ▪ Mainframe Applications – CICS, IMS etc. Approach: Initial recon > Gaining Access > Local Recon > Privilege Escalation January 19, 2020 NULL CHAPTER - CHANDIGARH 27
  • 28. Hacking Mainframes – Initial Recon ▪ Nmap Scanning ▪ Open Ports/Running Services ▪ NMAP scripts to enumerate following information (by Phil Young) ▪ VTAM (APPLIDs) ▪ Logical Units (LUs) ▪ TSO User Ids ▪ CICS transactions ▪ Look for: ▪ Telnet 3270 - Port 23/992 (and variants) ▪ FTP - Port 21 (and variants) ▪ NJE Services ▪ MQ and Connect:Direct Services – 1414 & 1363,1364. January 19, 2020 NULL CHAPTER - CHANDIGARH 28
  • 29. Hacking Mainframes – Gaining Access ▪Default Accounts - IBMUSER/SYS1 ▪ most likely disabled ▪Bruteforcing TSO user accounts ▪ Accounts might get locked after 3 attempts ▪ Applies to TSO, FTP, SSH etc. ▪Steal credentials ▪ MiTM ▪ Phishing (SETn3270) ▪Using FTP ▪ Uploading the JCL and executing it to get reverse shell ▪ Manually ▪ Metasploit ▪ TSh0cker January 19, 2020 NULL CHAPTER - CHANDIGARH 29
  • 30. Hacking Mainframes – Gaining Access ▪Using Credentials ▪ Most likely provided for Grey box pentest ▪CICS Applications ▪ This is usually when the CICS applications are in scope. ▪ Some sensitive transactions are accessible without authentication. ▪ Tools/Scripts: ▪ CICSPwn ▪ BRIDA ▪Other Usual Ways ▪ Webservers ▪ DB2 ▪ Other vulnerable network services January 19, 2020 NULL CHAPTER - CHANDIGARH 30 Ref: https://nmap.org/movies/matrix/access_granted.jpg
  • 31. Hacking Mainframes – Local Recon ▪Check for your current user’s security (RACF) attribute ▪If you’re already “SPECIAL” or “OPERATOR”, you have access to everything. ▪ Look for following: ▪ Basic System information – version info, security software used (RACF/AFC2 etc.) etc. ▪ Interesting files with configuration of other services (MQ, C:D Netmap files etc.) ▪ SURROGATE Users ▪ Users with access to USS etc. ▪ REXX ENUM Script: https://github.com/mainframed/Enumeration January 19, 2020 NULL CHAPTER - CHANDIGARH 31
  • 32. Hacking Mainframes – Local Recon ▪Manual Way (commands/utils) ▪ IPLINFO ▪ SHOWZOS ▪ TASID ▪Using SEARCH command ▪ List of APF Authorized Libraries ▪ List of SVCs (Supervisor Calls) ▪ Running JOBs ▪Enumeration in USS/OMVS ▪ Check for 'a' attribute (APF authorized Libraries) ▪ Usual unix enumeration - crontabs, config files, webserver folders, files, January 19, 2020 NULL CHAPTER - CHANDIGARH 32
  • 33. Hacking Mainframes – Privilege Escalation ▪RACF ▪ Cracking Passwords ▪ SURROGATE Profiles ▪ submit Job as SURROGATE user (using JCL) ▪Unix Privilege Escalation ▪ BPX.SUPERUSER? ▪ Permissions on su to root without password ▪ BPX.FILEATTR.APF ▪ Create APF Auth files (+a) ▪ SUPERUSER.FILESYS.MOUNT ▪ Mount malicious filesystem with SPF/SETUID ▪ UID = 0 is NOT gaining SPECIAL on z/OS January 19, 2020 NULL CHAPTER - CHANDIGARH 33
  • 34. Hacking Mainframes – Privilege Escalation ▪APF Auth libraries: ▪ If you have UPDATE access on any of APF libraries, you can do whatever you want. ▪SVC (Supervisor Calls) ▪Tools/Scripts - ▪ ELV.APF (By Ayoub) - https://github.com/ayoul3/Privesc ▪ Metasploit (apf_privesc_jcl) ▪ Mount malicious filesystem with SPF/SETUID January 19, 2020 NULL CHAPTER - CHANDIGARH 34
  • 35. January 19, 2020 NULL CHAPTER - CHANDIGARH 35 Demo 2 – From nothing to SPECIAL
  • 36. Challenges ▪ Challenges: ▪ A common belief - “Our Mainframe is Secure because it’s not accessible from over the internet” ▪ Every organization will have their own mainframe configuration (and it varies a lot) ▪ Highly protected systems in an organization. ▪ Making them hard to get information about. ▪ Mainframe teams are usually the only people in an organization who knows about these system. ▪ Everything is documented, but too many documents On the other hand: ▪ Modern mainframers are super helpful and are security aware. ▪ The Security community has started to gain interest in mainframes recently January 19, 2020 NULL CHAPTER - CHANDIGARH 36
  • 37. Where to go from here? ▪ Start exploring z/OS mainframes: ▪ Master the Mainframe contest by IBM (https://masterthemainframe.com/) ▪ Your company’s mainframes are the easiest and hardest to explore. ▪ Setup local lab with Hercules & Turnkey ▪ zD&T – if you can afford. ▪ Develop more resources and tools to aid in mainframe security research. ▪ Connect:Direct is unexplored as of now. January 19, 2020 NULL CHAPTER - CHANDIGARH 37
  • 38. January 19, 2020 NULL CHAPTER - CHANDIGARH 38 Overwhelmed? Twitter: @samanl33t Email: saman.j.l33t@gmail.com Awesome Mainframe Hacking Resources : https://github.com/samanL33T/Awesome-Mainframe-Hacking Ref: http://www.quickmeme.com/img/31/3182781d07db4c2024894ca56ac3dfaeaed9d7c657139cc3499c662644f18c0e.jpg