CA World - mft1755 - gaps in your defense hacking the mainframe - philip young


CA World talk about mainframe hacking and how it's actually not impossible.


  1. World® ’16. Gaps in your Defense: Hacking the Mainframe. Philip Young, Co-Founder, ZedSec 390. MFT1755. Mainframe and Workload Automation.
  2. © 2016 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD. For Informational Purposes Only: Terms of this Presentation. © 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
  3. Abstract. The mainframe is the mission-essential backbone of the enterprise, housing over 70 percent of corporate data, touching more than half of all applications, and connecting to the internet and Internet of Things (IoT) through APIs. However, in the enterprise security discussion, the mainframe is often presumed to be inherently secure. This session will dive into the current state of mainframe hacking, why hackers are taking a larger interest in the platform, a discussion of compliance versus security and next steps on how you can optimize the security of your most mission-essential business asset. Philip Young, ZedSec 390 Co-Founder.
  4. Disclaimer. I’m not here in the name of or on behalf of my employer. All opinions expressed here are my own. Philip Young, ZedSec 390 Co-Founder.
  11. Logica Security Incident Investigation: Bilaga_A.pdf. Source: https://wikileaks.org/gottfrid-docs/
  12. Castle Walls Under Digital Siege: Risk-based Security for z/OS – CA World ‘15. Source: https://www.youtube.com/watch?v=CySiZOaY2T0
  13. Common Myths
      • IT’S NOT ON THE INTERNET
      • IT’S IMPENETRABLE
      • HACKERS DON’T KNOW ABOUT IT
      • BUT WE’RE AUDITED ALL THE TIME!?
  14. The ‘IMP’ (Internet Mainframes Project)
      • Started in 2013
      • Tools:
        – MassScan
        – Nmap
        – Python
        – X3270
        – Linux VPS
      • Database of 400+ mainframes
      • https://mainframesproject.tumblr.com/
  19. It Doesn’t Matter
  20. Enterprises are Flat
      • Many large enterprises experienced a breach in 2015
      • Flat networks
      • No firewall between “Corporate” network and mainframe
  21. Hacking the Unhackable
      • From the network
      • No knowledge of the system
      • Steps
        – Gather information
        – Profile the system
        – Launch attacks
      • Tools released/updated in 2015/2016
  22. Nmap in 2015/2016
      • Anon?
      • SITE?
      • OS Version?
      • Information
      • VTAM?
      • CICS?
      • TSO?
      • Version?
      • Nikto?
      • BURP?
      • Enumerate?
      • Java Objects
  23. TN3270 Screen
  24. VTAM Enumeration
  25. TSO User Enumeration
  27. CICS Transaction Enumeration
  29. CICSpwn
  30. CICSpwn: TSO Shell
  31. CICSpwn: TSO Shell
  32. FTP Authorized Code Exec
  33. What Can I Do?
      • Compliance is literally the start
      • Just because you’re compliant doesn’t mean:
        – The compliance rules are well done
        – They represent current threats
        – They match current baselines
      • Vulnerability Scanning?
  34. Gap Assessment
      • Compare your requirements to a standard
      • How do you compare and contrast?
      • Whose expertise are you relying on?
  35. Go Beyond Compliance
      • zAssure?
      • Identifying Data Assets?
      • Logging and Monitoring?
        – zSecure
        – IronStream
        – Vanguard
      • Penetration Testing?
  36. Questions?
  37. Contact & References
      • CICSpwn: https://github.com/ayoul3/cicspwn
      • Nmap Scripts: https://github.com/zedsec390/NMAP
      • Metasploit: https://github.com/rapid7/metasploit-framework
      • Twitter: @mainframed767
      • E-Mail: mainframed767@gmail.com
  38. Stay connected at communities.ca.com. Thank you.
  39. Mainframe and Workload Automation. For more information on Mainframe and Workload Automation, please visit: http://cainc.to/9GQ2JI
