Mainframes? Unix? TSO (not the chicken)? This talk will try to demystify the mainframe from "that cool big black box"" to "why the hell is NOMIXEDCASE turned on" or "what kind of moron uses 1234 as their password?". Most fortune 500 companies use mainframes, but don't put them through the same rigorous testing as they would their Linux or Windows systems? Why, imagine if you were running Windows XP for 20+ years with all these little addons and custom changes and the only guide to securing your customized OS was four thousand pages long, without pictures. Thats what Mainframe security folks face. This talk will give an overview of how to actually use a mainframe (should you encounter one), how IBM decided to hash z/OS passwords and how to crack them offline using JtR (including the scripts/JCL to get a copy of the password file off the mainframe), how to compile Netcat for z/OS so you can use the Mainframe to pivot on to the corporate network or to create a backdoor on to the mainframe and how you can run a mainframe at home on your own PC.
 

Download:
http://archive.org/download/BsidesLasVegas2012/2.2.0PhilYoungMainframed-TheForgottenFortress.avi

Back to BSides Las Vegas 2012 video list