A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Phil Young: "Mainframed - The Forgotten Fortress" (BSides Las Vegas 2012) (Hacking Illustrated Series InfoSec Tutorial Videos)

Phil Young: "Mainframed - The Forgotten Fortress"

Mainframes? Unix? TSO (not the chicken)? This talk will try to demystify the mainframe from "that cool big black box"" to "why the hell is NOMIXEDCASE turned on" or "what kind of moron uses 1234 as their password?". Most fortune 500 companies use mainframes, but don't put them through the same rigorous testing as they would their Linux or Windows systems? Why, imagine if you were running Windows XP for 20+ years with all these little addons and custom changes and the only guide to securing your customized OS was four thousand pages long, without pictures. Thats what Mainframe security folks face. This talk will give an overview of how to actually use a mainframe (should you encounter one), how IBM decided to hash z/OS passwords and how to crack them offline using JtR (including the scripts/JCL to get a copy of the password file off the mainframe), how to compile Netcat for z/OS so you can use the Mainframe to pivot on to the corporate network or to create a backdoor on to the mainframe and how you can run a mainframe at home on your own PC.
 

Download:
http://archive.org/download/BsidesLasVegas2012/2.2.0PhilYoungMainframed-TheForgottenFortress.avi

Back to BSides Las Vegas 2012 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast