DEF CON 23 [Audio] Speeches from the Hacker Convention

Philip Young & Chad "Bigendian Smalls" Rikansrud - Security Necromancy: Further Adventures in Mainframe Hacking



Materials Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Young-Chad-Rikansrud-Security-Necromancy-Further-Adventures-in-Mainframe-Hacking.pdf
Extras: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Young-Chad-Rikansrud-Extras.rar
Security Necromancy: Further Adventures in Mainframe Hacking
Philip Young aka Soldier of Fortran, Chief Mainframe Hacker
Chad "Bigendian Smalls" Rikansrud, President of Mainframe Hacking
You thought they were dead didn't you? You thought "I haven't seen a mainframe since the 90s, no one uses those anymore." Well you're wrong. Dead wrong. If you flew or drove to DEF CON your information was hitting a mainframe. Did you use credit or cash at the hotel? Doesn't matter, still a mainframe. Did you pay taxes, or perhaps call 911? What about going to the doctor? All using mainframes. At multiple points throughout the day, even if you don't do anything, your data is going through some mainframe, somewhere. 1984? Yeah right, man. That's a typo. Orwell is here now. He's livin' large. So why is no one talking about them?
SoF & Bigendian Smalls, aka 'the insane chown posse', will dazzle and amaze with feats of hackery never before seen on the mainframe. From fully breaking network job entry (NJE) and their concept of trusted nodes, to showing you what happens when you design security in the 80s and never update your frameworks. We'll demonstrate that, yes Charlie Brown, you can in fact overflow a buffer on the mainframe. New tools will be released! Things like SET'n'3270 (SET, but for mainframes!) and VTAM walker (profiling VTAM applications). Updates to current tools will be released (nmap script galore!) everything from accurate version profiling to application ID brute forcing and beyond. You'll also learn how to navigate IBM so you can get access to your very own mainframe and help continue the research that we've started!
All of your paychecks rely on mainframes in one form or another, so maybe we should be talking about it.
Soldier of Fortran: Protect ya REXX! Soldier of Fortran has an unhealthy relationship with mainframes. Being a hacker from way back in the day (BBS and X.25 networks) he was always enamored by the idea of hacking mainframes. Always too expensive and mysterious he settled on hacking Windows and Linux machines. However, despite not having his own he conducted numerous security engagements against mainframes, slowly developing his skills, until 2010 when he finally got his very own. Not having to worry about system uptime or affecting users he dove in head first and was surprised by what he found. Ever since he has been telling anyone who will listen to him the importance of mainframe security, hacking and research. He’s spoken both domestically and internationally on the topic, been a guest speaker at multiple conferences, developed tools for mainframe penetration testing and has even keynoted at large mainframe conferences about this topic.

DEF CON 23 [Audio] Speeches from the Hacker Convention, by DEF CON
