A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Learning Mainframe Hacking: Where the hell did all my free time go? - Chad Rikansrud Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Learning Mainframe Hacking: Where the hell did all my free time go?
Chad Rikansrud
Derbycon 2015

Do you love a good puzzle? Do you keep Intel's 3,300 page Software Developer Manual as bedside reading? Are you the first kid on the block to download a new publicly available exploit to try it out and see how it works? Is seeing 0x41414141 in a register more beautiful to you than a Hawaiian sunrise? Then mainframe hacking is definitely for you! In this talk, Big Endian Smalls (or BeS) will open your eyes to the exciting, fun, and excruciatingly challenging world of mainframe vulnerability identification & exploit development. Why don't you care about such a thing? Because you've been taught not to. Schools teach you that mainframes don't matter, if they are mentioned at all. Well guess what! Not only do they matter, everything you do, you family does, your government does, relies on them. BeS will wet your appetites with the basics of IBM's System Z architecture and how to use current tools for exploit development. He will discuss why a solid community of like-minded techno-elites such as yourselves are desperately needed to learn this dark art. Three different disassemblers/debuggers, ranging from the archaic, to the reasonably OK to the OMG what-the-hell-kind-of-sorcery-is-this will be demonstrated with pros and cons for each. A brief primer in proof-of-concept and shellcode development in C and Assembly will be delivered in both Unix System Services (USS) and MVS-based. Trimodal addressing, base, index + displacement address generation and some similarities / differences to the Intel-based world you already know will be addressed. If the thought of learning a new platform excites you or if you are looking for a way to differentiate yourself from all the other researchers / pen-testers in the market - this is the talk for you.

BeS has spent most of his life taking things apart, solving puzzles and generally being difficult. Back in the day it was Gopher and C programming on an RS/6000; BASIC on a commodore PET and watching War Games. More recently he dove into the world of CTF playing and building, focusing on Reverse Engineering and crypto challenges. In his day job he helps keep your mainframe information safe, secure and available. One night, waking up in a cold sweat wondering why we never hear of major mainframe-based breaches, BeS embarked on a quest to learn, digest, and attempt to begin taming the beast that is IBM's flagship System Z - aka, the mainframe. With enough forensics, reverse engineering, and exploit knowledge to get started and a healthy background of network, Linux, and windows administration to stand on (sprinkled with a dash of application development), he dove head first into cracking the code of mainframe vulnerability and exploit research.

@bigendiansmalls

Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast