IBM has been touting the security of the mainframe for over 30 years. So much so that the cult of mainframers believes the platform is impenetrable. Just try showing how your new attack vector works and you'll be met with 101 reasons why it wouldn't work (until you prove them wrong, of course). This talk will take direct aim at the cultists! Previous talks about mainframe security only got you to the front door, leaving many asking 'great, I got a userid/password, now what?!'. That's what this talk is about: the 'now what'. You'll learn a few new techniques to penetrate the mainframe (without a userid/password) and then a bunch of attacks, tricks and mischief you can use to maintain that access, find important files and really go after the mainframe. During this very demo-heavy talk you'll learn how to take advantage of APF files, SSL key management, cgi-bin in TYooL 2014, what NJE is and why it's bad, why REXX and SETUID are dangerous, and how simple backdoors still work (and will likely go undetected).
Soldier of Fortran (SoF) used to work as an auditor and was thrown into the lion's pit of mainframes with very little support. He heard how secure it was, assumed everything worked as described and never questioned the system programmers. That was ten years ago. In those ten years he's dedicated himself to mainframe security research. No longer satisfied with always being told how secure their systems are, he started to develop tools, work plans and attack vectors to really see how secure they were. In 2012 he submitted a talk to the Proving Ground track at BSidesLV and was accepted. Since then he's given talks about mainframes at Thotcon, BSidesAustin, Shmoocon and BlackHat! Don't fear: he hates giving the same talk more than once and never presents the same talk twice!