Defcon 22-philip-young-from-root-to-special-hacking-ibm-main

•

0 likes•3,524 views

This document discusses hacking mainframe systems like IBM z/OS. It describes how the speaker was able to gain access to mainframes through methods like credential theft, exploiting vulnerabilities in programs like Tivoli NetView, and escalating privileges using tools to ultimately achieve root access. The speaker demonstrates hacking tools they have created like BIRP, TShocker, and Maintp that can be used to conduct reconnaissance of mainframes and execute code through techniques like FTP.

Technology

From ROOT
to SPECIAL
Hacking IBM
Mainframes
Soldier of Fortran
@mainframed767

DISCLAIMER!
All research was done under
personal time. I am not here
in the name of, or on behalf
of, my employer.
Therefore, any views expressed
in this talk are my own and
not those of my employer.
This talk discusses work
performed in my spare time
generally screwing around with
mainframes and thinking 'what
if this still works...'
@mainframed767

?Question?
PLAIN
TXT
53%
SSL
47%
INTERNET
MAINFRAMES

?SSL?
Self
Signed
33%
No
Error
49
SSL TN3270
MAINFRAMESBad
CA
17%

Who are you?
•  Security Guy
•  Tired of 90’s
thinking
•  Eye opening
experience
@mainframed767

PCI
Security
Expert
Mainframe
Security
Guru
ISO 27002
& PCI
Certifier
“What’s
NETSTAT?”
- Our Horrible Consultant

z/OS? WTF
•  Most popular
“mainframe” OS
•  Version 2.1 out
now!
Legacy my ass!
@mainframed767

z/OS Demo
•  Let’s take a
look at this
thing
•  It’ll all make
sense
@mainframed767

zOS or PoS?
•  Hard to tell,
identifying
sucks
•  Scanner have
“challenges”
nmap -sV -p 992
167.xxx.4.2 -Pn
@mainframed767

Nmap 6.40
PORT: 992/tcp
STATE: open
SERVICE: ssl
VERSION:
IBM OS/390
@mainframed767

Nmap 6.46
PORT: 992/tcp
STATE: open
SERVICE: ssl
VERSION:
Microsoft
IIS SSL
@mainframed767

CENSORED(
CENSORED(
CENSORED(
CENSORED(
CENSORED(
CENSORED(

Other Methods
•  Web Servers:
IBM HTTP Server
V5R3M0

Lets Break in
•  Steal Credentials
•  Web Server
•  3270 Panels
– Usin’ BIRP
@mainframed767

CGI-Bin in
tyool 2014
•  REXX / SH still
used
•  Injection simple,
if you know TSO
commands
@mainframed767

B.I.R.P.
•  Big Iron Recon &
Pwnage
– By @singe
– HITB 2014
•  3270 is awesome
@mainframed767

Only FTP?
•  No Problem!
•  FTP lets you run
JCL (JCL = Script)
•  Command:
SITE FILE=JES

Access
Granted
•  Now we have
access
•  FTP Account
•  Asking someone
Now what?
@mainframed767

Escalate!
•  Let’s escalate
our privilege
•  Connect with
telnet/ssh/3270
@mainframed767

Getroot.rx
•  rexx script
•  Leverages
CVE-2012-5951:
Unspecified vulnerability in IBM
Tivoli NetView 1.4, 5.1 through 5.4,
and 6.1 on z/OS allows local users
to gain privileges by leveraging
access to the normal Unix System
Services (USS) security level.

Tsk tsk
•  IBM not really
being honest
here
• Works on any
setuid REXX
script!
@mainframed767

THANKS
•  Swedish Black
Hat community
•  Oliver Lavery
– GDS Security
•  Logica Breach
Investigation
Files

Keep ACCESS
•  Get a copy of
the RACF
database
•  John the Ripper
racf2john racf.db
john racf_hashes
@mainframed767

Steal
•  Use IRRDBU00 to
convert RACF to
flat file
•  Search for SPECIAL
accounts
•  Login with a SPECIAL
account
@mainframed767

Welcome to
OWN zone
•  SPECIAL gives
access to make
any change to
users
•  Add Users
•  Make others
SPECIAL,
OPERATIONS
@mainframed767

INETD
•  Works just like
Linux
Kill inetd:
- ps –ef|grep inetd
- Kill <id>
@mainframed767

Connect with
NETEBCDICAT
•  EBCDIC!
@mainframed767
•  Use NetEBCDICat

BPX. Wha?
•  BPX.SUPERUSER
– Allows people to
su to root without
password

BPX.SUPERUSER
•  As SPECIAL user
type (change userid):
PERMIT BPX.SUPERUSER
CLASS(FACILITY) ID(USERID)
ACCESS(READ)
And
SETROPTS GENERIC(FACILITY)
REFRESH

Tools
•  CATSO
–  TSO Bind/Reverse shell
•  TSHOCKER
– Python/JCL/FTP
wrapper for CATSO
•  MainTP
– Python/JCL/FTP
getroot.rx wrapper
@mainframed767

Maintp
•  Uses GETROOT.rx
+ JCL and FTP
and NetEBCDICat
to get a remote
root shell
@mainframed767

Thanks
•  Logica Breach
Investigation
Team
•  Dominic White
(@singe)
•  The community

Contact
Twitter
@mainframed767
Email
mainframed767@gmail.com
Websites:
Mainframed767.tumblr.com
Soldieroffortran.org

This document discusses improving the communication of malware analysis by providing reproducible analyses using the malware itself. It proposes supplementing written analyses with demonstrations that instrument the malware. As a case study, it analyzes a piece of POS malware called JackPOS. The document describes setting up the malware's command and control infrastructure and memory scraping functionality. It concludes by demonstrating how to instrument the malware using Python scripts to trace its network communication and track data collection in a reproducible way.

Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli

Priyanka Aash

The document discusses techniques for bypassing security controls and gaining persistent access to a secured remote desktop server. It proposes infecting a client's workstation, stealing RDP credentials, and using various tools to bypass firewalls, application whitelisting, and other defenses in order to install malware and establish command and control of the target server. Specific bypass methods involve abusing Microsoft Word macros, exploiting Windows services, installing kernel drivers, and manipulating TCP source ports. The presentation demonstrates new attack tools and methods for pentesters and warns blue teams of challenges in detecting such advanced intrusions.

Defcon 22-jesus-molina-learn-how-to-control-every-room

Priyanka Aash

The document discusses how insecure home automation systems can be hacked by analyzing the communication protocols and accessing devices remotely. It uses a hypothetical example of a hacker gaining control of all devices in hotel rooms by understanding the KNX protocol used and sending commands through unsecured IP connections. Better security practices like mutual authentication for device communication are suggested to prevent such attacks.

Sticky Keys to the Kingdom

Dennis Maldonado

The document discusses how replacing certain Windows accessibility tool binaries, like sethc.exe, with cmd.exe allows gaining command prompt access on Windows systems. The authors developed a tool called Sticky Key Slayer that scans networks for systems vulnerable to this issue by automating the process of connecting via RDP, triggering the accessibility tools, and checking for command prompts. When tested on a large network, over 500 vulnerable systems were found. The document recommends remediation steps and warns that this technique is a sign of potential compromise.

Outlook and Exchange for the bad guys

Nick Landers

DerbyCon 2016 Nick Landers @monoxgas External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.

External to DA, the OS X Way

Stephan Borosh

The document provides an overview of techniques for penetrating OS X environments externally, including using the EmPyre remote access Trojan, phishing with OS X payloads, privilege escalation, persistence mechanisms like login hooks and crontab, host and network reconnaissance tools, and lateral movement options like SSH. The challenges of operating in an OS X environment and adapting typical Windows tactics are also discussed.

Introduction to red team operations

Sunny Neo

This document provides an introduction to red team operations from the perspective of a penetration tester transitioning to become a red teamer. It discusses some of the key differences between penetration testing and red teaming such as scope, reconnaissance required, stealth, and infrastructure setup. The document outlines principles for red team operations including protecting infrastructure, logging everything, managing information, and avoiding detection. It also provides examples of tactics, techniques and procedures used in red team operations as well as considerations for tools like Cobalt Strike to help evade detection.

Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac

Priyanka Aash

The document discusses conducting timing attacks against the Internet of Things. It begins with an overview of timing attacks and how they work by exploiting small differences in processing times. String comparison timing attacks are highlighted, where the processing time of comparing strings character-by-character can reveal information. Statistical analysis of precise timing data collected from a network can be used to infer secrets like passwords over many trials. The talk demonstrates a proof-of-concept timing attack against a Philips Hue light system to recover an API access token one character at a time. Specialized hardware and careful experimental setup is required to achieve the necessary nanosecond-level timing precision.

PowerShell is now a ‘mandatory-to-use’ tool for IT professionals in order to automate administration of the Windows OS and applications, including Azure and Nano Server. Unfortunately, threat actors have recently taken advantage of this powerful scripting language just because PowerShell it’s already installed on your Windows machines, trusted by Admins and most AntiVirus tools! The session presents the steps that should get you starting on (Ethical) Hacking and Pen Testing with PowerShell and some new techniques like JEA (Just Enough Administration) that a defender can use in order to limit the effectiveness of PowerShell attacks.

Pentest Apocalypse - SANSFIRE 2016 Edition

Beau Bullock

Pentest Apocalypse-That's when you hire a pentester, and they walk all over your network. To avoid this, organizations need to be prepared before the first packet is sent in order to get the most value from the tester. There is no excuse for pentesters to find critical vulnerabilities that are six years old on an assessment. And who needs a zero-day when employees leave credentials on wide-open shares? Just like how Doomsday Preppers helps you prepare for the apocalypse, this presentation will help you prepare for, and avoid, a pentest apocalypse by describing common vulnerabilities found on many assessments. Being prepared for common pentester activities will not only help add value to a pentest but will also help prevent attackers from using the same tactics to compromise your organization. For More Information Please Visit:- http://bsidestampa.net http://www.irongeek.com/i.php?page=videos/bsidestampa2015/104-pentest-apocalypse-beau-bullock

Internal Pentest: from z3r0 to h3r0

marcioalma

Attack All the Layers - What's Working in Penetration Testing

NetSPI

The document discusses techniques for attacking different layers during a penetration test. It covers attacking protocols like ARP, NBNS, SMB, PXE and DTP. It also discusses attacking passwords by cracking hashes, dictionary attacks, and dumping passwords in cleartext. Additionally, it covers attacking applications, bypassing endpoint protection, and escalating privileges on Windows systems locally and within a domain. The overall message is that penetration testers should attack all layers of the stack during a test to fully evaluate security.

Fuzzing and You: Automating Whitebox Testing

NetSPI

Fuzzing is easy, but getting useful information from fuzzing isn’t. ‘Spray and pray’ might get some results, but a set of well-designed tests will get much better results faster. Unfortunately, the job doesn’t end there. Fuzzing doesn’t find vulnerabilities; fuzzing finds unexpected behavior. Interpreting that unexpected behavior relies on understanding the application you’re fuzzing and the tests you’ve designed. This presentation will discuss techniques for creating tests targeted towards uncovering specific behavior, including authorization bypasses, directory traversals, and buffer overflows.

Lateral Movement with PowerShell

kieranjacobsen

PowerShell, the must have tool for administrators, and the long overlooked security challenge. See Kieran Jacobsen present how PowerShell, with its deep Microsoft platform integration can be utilised by an attack to become a powerful attack tool. Learn how an attacker can move from a compromised workstation to a domain controller using PowerShell and WinRM whilst learning how to defend against these attacks.

Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao

Shakacon

Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.

Lares from LOW to PWNED

Chris Gates

This document discusses various techniques for finding and exploiting vulnerabilities during a penetration test when vulnerabilities are marked as "low" or "medium" in severity. It argues that penetration testers and clients should not rely solely on vulnerability scanners and should thoroughly investigate even lower severity issues. Specific techniques mentioned include exploiting default credentials on services like VNC, exploiting exposed admin interfaces found through tools like Metasploit, taking advantage of browsable directories with backups or other sensitive files, exploiting SharePoint misconfigurations, exploiting HTTP PUT or WebDAV configurations, exploiting Apple Filing Protocol, and exploiting trace.axd to view request details in .NET applications. The document emphasizes finding overlooked vulnerabilities and keeping "a human in the mix" rather than full reliance

Extracting Credentials From Windows

NetSPI

1. The document discusses how passwords can be exposed on Windows systems through cleartext storage, encrypted storage that can be decrypted, and password hashes. 2. Passwords are commonly stored in cleartext in files, registry settings, configuration files, and network traffic using basic authentication. Encrypted passwords can sometimes be decrypted if the encryption key is known or can be recovered. 3. The document provides recommendations for securing passwords such as avoiding cleartext storage, encrypting passwords appropriately, and auditing systems regularly for exposed passwords.

TeelTech - Advancing Mobile Device Forensics (online version)

Mike Felch

This document provides an overview of a training on advancing mobile device forensics through reverse engineering and programming techniques. It discusses how traditional forensic tools are becoming less effective at recovering data from newer devices and applications that are designed for privacy. The training will demonstrate extracting artifacts from a raw device image using a hex editor and Python scripts. It also outlines a simulated criminal investigation involving the murder of a victim, and how analyzing the digital evidence from the victim and suspect's mobile phones through these new techniques revealed deleted messages that are relevant to the case.

Client side attacks using PowerShell

Nikhil Mittal

This document discusses using PowerShell for lethal client-side attacks. It introduces several tools created by the author (Out-Word, Out-Excel, etc.) that generate malicious Microsoft Office files, shortcuts, HTML files and Java files containing PowerShell payloads. These payloads allow executing commands, downloading/running scripts and more complex attacks on the victim's system. The document provides examples usage and discusses using PowerShell's capabilities for effective post-exploitation on client machines. It concludes with recommendations for defense and credits references used in developing the tools.

BlueHat v18 || Linear time shellcode detection using state machines and opera...

BlueHat Security Conference

Aditya Joshi, Microsoft Abhishek Singh, Microsoft Shellcode detection is critical in the identification of persistent threats. Attackers employ them in exploitation, post-exploitation toolkits and macro-based malware routinely to evade detection. Our research also shows that shellcode in the wild are evolving to defeat many of the static analysis techniques employed to detect them. We will present a fast, platform agnostic approach (Windows/Linux) that been successful in detecting many real world shellcode compromises as part of the ASC Fileless attack feature (Process Investigator). Our approach employs state machines, virtual stack/register representation and operand expression heuristics to identify suspicious machine code patterns in milliseconds. We identify the basic heuristics that are commonly employed in shellcode. This allows us to be more robust against attackers that constantly evolve to thwart pure signature or byte stream sequence based approaches. Each instruction is passed to a series of activation functions that look for platform specific patterns generally needed in Stage 1 shellcode. As we process the stream of instructions we scan for hashing loops, in-segment/out-segment calls/jumps, current instruction pointer determination, system calls, locating system data structures, anti-debugging and anti-hooking behaviors in the machine code. We then correlate these findings to give a maliciousness score. We will deep dive into the concepts and demo obfuscated shellcodes.

Web security for developers

Sunny Neo

The document discusses common web application security vulnerabilities and best practices for prevention. It covers topics like cross-site scripting (XSS), SQL injection, insecure direct object references, command injection, cross-site request forgery (CSRF), and improper password storage. The document provides examples of each vulnerability and recommendations for prevention, including input validation, prepared statements, encryption, hashing passwords, and other techniques. The objectives are to create awareness of web security issues and how developers can build more secure applications using secure coding practices.

Defcon 22-david-wyde-client-side-http-cookie-security

Priyanka Aash

Cookies stored by web browsers can be easily stolen, as most browsers store them in plaintext. Popular browsers like Firefox store cookies in SQLite databases, Internet Explorer in text files, and Opera and Safari in custom binary formats - all of which can be read easily by tools or code. Chromium encrypts cookies on Windows, Mac, and Linux, but cookies can still be decrypted on Linux. Physical access, social engineering, malware, and other attacks can steal browser cookies. Defenses include disk encryption, application firewalls, SELinux, and a master password for cookies.

Started In Security Now I'm Here

Christopher Grayson

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

This document discusses techniques for hunting bad guys on networks, including identifying client-side attacks, malware command and control channels, post-exploitation activities, and hunting artifacts. It provides examples of using DNS logs, firewall logs, HTTP logs, registry keys, installed software inventories, and the AMCache registry hive to look for anomalous behaviors that could indicate security compromises. The goal is to actively hunt for threats rather than just detecting known bad behaviors.

[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...

CODE BLUE

The very best attackers often use PowerShell to hide their scripts from A/V and application whitelisting technologies using encoded commands and memory-only payloads to evade detection. These techniques thwart Blue Teams from determining what was executed on a target system. However, defenders are catching on, and state-of-the-art detection tools now monitor the command line arguments for powershell.exe either in real-time or from event logs. We need new avenues to remain stealthy in a target environment. So, this talk will highlight a dozen never-before-seen techniques for obfuscating PowerShell command line arguments. As an incident responder at Mandiant, I have seen attackers use a handful of these methods to evade basic command line detection mechanisms. I will share these techniques already being used in the wild so you can understand the value each technique provides the attacker. Updated PowerShell event logging mitigates many of the detection challenges that obfuscation introduces. However, many organizations do not enable this PowerShell logging. Therefore, I will provide techniques that the Blue Team can use to detect the presence of these obfuscation methods in command line arguments. I will conclude this talk by highlighting the public release of Invoke-Obfuscation. This tool applies the aforementioned obfuscation techniques to user-provided commands and scripts to evade command line argument detection mechanisms. --- Daniel Bohannon Daniel Bohannon is an Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques. As an incident response consultant, Mr. Bohannon provides emergency services to clients when security breach occur. He also develops new methods for detecting malicious PowerShell usage at both the host- and network-level while researching obfuscation techniques for PowerShell- based attacks that are being used by numerous threat groups. Prior to joining MANDIANT, Mr. Bohannon spent five years working in both IT operations and information security roles in the private retail industry. There he developed operational processes for the automated aggregation and detection of host- and network-based anomalies in a large PCI environment. Mr. Bohannon also programmed numerous tools for host-based hunting while leading the organization’s incident response team. Mr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology and a Bachelor of Science in Computer Science from The University of Georgia.

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...

BlueHat Security Conference

Jugal Parikh, Microsoft Holly Stewart, Microsoft Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes. In this talk, we’ll compare the difficulty of tampering with cloud-based models and client-based models. We then discuss how we developed stacked ensemble models to make our machine learning defenses less susceptible to tampering and significantly improve overall protection for our customers. We talk about the diversity of our base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, we’ll describe suspected tampering activity we’ve witnessed using protection telemetry from over half a billion computers, and whether our mitigation worked.

Adversarial Post-Ex: Lessons From The Pros

Justin Warner

This document provides an overview of lessons learned from studying post-exploitation techniques of real adversaries. It discusses analyzing malware samples and threat reports to find new techniques, then implementing those techniques as proof-of-concept tools. Examples covered include recording audio and taking screenshots, monitoring Skype communications, exfiltrating files, capturing network packets, and mitigation strategies. The goal is to model realistic adversary behavior to improve defensive capabilities.

Secure360 - Attack All the Layers! Again!

Scott Sutherland

This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. This talk includes real-world examples of attacks that they use on a daily basis, and some reflections on what techniques have changed over the last year. Vulnerabilities related to the application, network, and server layers will all be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks. More security blogs by the authors can be found @ https://www.netspi.com/blog/

Defcon 22-rmellendick-dakahuna-rf-penetration-testing-your-a

Priyanka Aash

Cellular networks operate on specific radio frequency bands to transmit and receive signals from cell phones and other wireless devices. The most common cellular frequencies worldwide are in the 800-900 MHz and 1800-2000 MHz bands, though frequencies in other bands are also used depending on the country and network operator. Mobile networks allocate frequencies in licensed spectrum to operators who must stay within the assigned band to avoid interference with other licensed services.

Risk Analysis using open FAIR and Adoption of right Security Controls

Priyanka Aash

What's hot

The Dark Side of PowerShell by George Dobrea

EC-Council

Pentest Apocalypse - SANSFIRE 2016 Edition

Beau Bullock

Internal Pentest: from z3r0 to h3r0

marcioalma

Attack All the Layers - What's Working in Penetration Testing

NetSPI

Fuzzing and You: Automating Whitebox Testing

NetSPI

Lateral Movement with PowerShell

kieranjacobsen

Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao

Shakacon

Lares from LOW to PWNED

Chris Gates

Extracting Credentials From Windows

NetSPI

TeelTech - Advancing Mobile Device Forensics (online version)

Mike Felch

Client side attacks using PowerShell

Nikhil Mittal

BlueHat v18 || Linear time shellcode detection using state machines and opera...

BlueHat Security Conference

Web security for developers

Sunny Neo

Defcon 22-david-wyde-client-side-http-cookie-security

Priyanka Aash

Started In Security Now I'm Here

Christopher Grayson

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...

CODE BLUE

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...

BlueHat Security Conference

Adversarial Post-Ex: Lessons From The Pros

Justin Warner

Secure360 - Attack All the Layers! Again!

Scott Sutherland

What's hot (20)

The Dark Side of PowerShell by George Dobrea

Pentest Apocalypse - SANSFIRE 2016 Edition

Internal Pentest: from z3r0 to h3r0

Attack All the Layers - What's Working in Penetration Testing

Fuzzing and You: Automating Whitebox Testing

Lateral Movement with PowerShell

Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao

Lares from LOW to PWNED

Extracting Credentials From Windows

TeelTech - Advancing Mobile Device Forensics (online version)

Client side attacks using PowerShell

BlueHat v18 || Linear time shellcode detection using state machines and opera...

Web security for developers

Defcon 22-david-wyde-client-side-http-cookie-security

Started In Security Now I'm Here

BSIDES-PR Keynote Hunting for Bad Guys

[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...

Adversarial Post-Ex: Lessons From The Pros

Secure360 - Attack All the Layers! Again!

Viewers also liked

Defcon 22-rmellendick-dakahuna-rf-penetration-testing-your-a

Priyanka Aash

Risk Analysis using open FAIR and Adoption of right Security Controls

Priyanka Aash

Network Forensics and Practical Packet Analysis

Priyanka Aash

Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop

Priyanka Aash

The document discusses the dark web and anonymity networks like Tor. It provides an overview of Tor, how it works to anonymize users, and some of the common tools used to access Tor networks and hidden services. It also discusses some of the challenges of anonymity like timing attacks and de-anonymization efforts by law enforcement, such as the takedown of Freedom Hosting and arrest of the alleged operator of the Silk Road dark web market.

Defcon 22-cesar-cerrudo-hacking-traffic-control-systems

Priyanka Aash

Cesar Cerrudo discovered that traffic control systems using wireless sensors from Sensys Networks were insecure. The sensors had no encryption or authentication, allowing anyone nearby to manipulate traffic patterns. He was able to hack into sensors in multiple countries. Cerrudo showed that low-cost attacks could potentially cause traffic jams or accidents. He warned that critical infrastructure should be properly secured before use.

Defcon 22-deviant-ollam-and-howard-payne-elevator hacking-fr

Priyanka Aash

This document provides an overview of a presentation on elevator hacking given by Deviant Ollam and Howard Payne. It introduces the speakers and their backgrounds, provides terminology and explanations of elevator technology, discusses various elevator security methods and how they can be bypassed, and outlines ways to gain access to elevator systems and manipulate their functions. Throughout, it emphasizes the importance of safety and warns that manipulating elevators could enable unauthorized access or cause damage.

Defcon 22-anton-sapozhnikov-acquire-current-user-hashes-with

Priyanka Aash

Practical Applications of Block Chain Technologies

Priyanka Aash

The document discusses blockchain technology and its potential practical uses. It begins by defining blockchain as a distributed digital ledger that allows participants in a network to securely record transactions without a central authority. It then provides examples of how blockchain could be used in healthcare to securely store electronic health records, enable smart contracts to automatically pay providers, and track medical devices to prevent counterfeiting. The document concludes by describing a hypothetical example where blockchain is used to give healthcare providers access to a patient's complete medical history from various sources to improve treatment while reducing redundant tests.

Defcon 22-graham-mc millan-tentler-masscaning-the-internet

Priyanka Aash

This document discusses tips, tricks, and results from mass scanning the internet. It provides reasons for scanning both defensively to check for vulnerabilities and offensively to find hackable systems. It discusses theoretical and practical infrastructure considerations like packet overhead, ISP billing, and abuse complaints. It also provides details on using the masscan tool for large internet scans, including options, output formats, and examples of scans done to check for vulnerabilities like Heartbleed or find services like VNC.

Defcon 22-weston-hecker-burner-phone-ddos

Priyanka Aash

The document discusses using inexpensive prepaid phones to conduct telephony denial-of-service (TDoS) attacks. It describes how the phones can be modified by unlocking their bootloaders and flashing them with custom firmware, allowing them to make thousands of spoofed calls in order to crash a target organization's phone system. The document shows how a kit with multiple modified phones, solar chargers, and other basic equipment could be used to conduct sustained TDoS attacks for around $21.

Defcon 22-tim-mcguffin-one-man-shop

Priyanka Aash

The document outlines how to build an effective security program with limited resources as a one-person shop. It discusses establishing people and processes, designing a secure network architecture by dividing the network into zones and applying security controls at boundaries, securing system design through least privilege and centralized logging, performing continuous monitoring through vulnerability scanning and log analysis, obtaining external validation through auditing and penetration testing, and ensuring compliance through following security best practices and frameworks. The overall goal is to prioritize security based on risks through people-focused automation and standardization of processes.

Defcon 22-richard-klafter-and-eric-swanson-check-your-finger

Priyanka Aash

Defcon 22-phil-polstra-am-i-being-spied-on

Priyanka Aash

This document provides low-cost methods for detecting various forms of surveillance, including video, audio, physical tailing, and bugs embedded in electronic devices. It outlines techniques using inexpensive hardware like Android tablets, BeagleBone boards, and modified power supplies to detect wireless cameras, radio signals from microphones and trackers, and small currents that could indicate active bugs. Common vehicles and behaviors used in physical tailing are also described. The document encourages vigilance through visual inspection and offers both passive and active methods for detecting surveillance attempts without expensive commercial equipment.

Defcon 22-tess-schrodinger-raxacoricofallapatorius-with-love

Priyanka Aash

The document provides an agenda and overview of case studies related to insider threats. It discusses several famous cases of insider threats, including Dr. Wen Ho Lee who was accused of stealing secrets from Los Alamos National Laboratory, and Brian Patrick Regan, a former intelligence analyst convicted of attempting to sell classified documents to foreign countries. It also covers current research on identifying personal and professional stressors and behaviors that may indicate risks of insider threats.

Defcon 22-robert-rowley-detecting-defending-against-surveill

Priyanka Aash

This document discusses state-actor surveillance techniques including hardware bugs, software exploits, and compromising cellular and WiFi networks. It describes various surveillance device codenames like "RAGEMASTER" and "HOWLERMONKEY" and explains how hardware can be implanted or firmware hacked to enable persistent surveillance. The document advocates for detection of these devices and urges caution but also skepticism of conspiracy theories without evidence. It provides sources for further reading on technical surveillance techniques.

Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones

Priyanka Aash

This document provides an overview and agenda for a presentation on attacking Cisco VoIP environments. It discusses discovering the VoIP network configuration and gaining access to the voice VLAN. It covers attacking Cisco Unified Communications Manager, SIP services, and Skinny services used for Cisco IP phones. It also addresses vulnerabilities in hosted VoIP services, tenant management portals, and IP phone management services that could allow privilege escalation or unauthorized access. The presentation aims to demonstrate real attacks on these systems using tools like Viproy and Metasploit.

Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi

Priyanka Aash

This document summarizes a presentation given by Dr. Phil and Captain Polly about the feasibility of cyber-hijacking airplanes. They discuss the aviation systems commonly claimed to be vulnerable like ADS-B, ACARS, and transponders. While these systems have no security, attacking them would likely only create phantom traffic or bogus messages. Hijacking a commercial airliner through its systems is not practical as they have mechanical backups and any electronic issues would trigger alerts to pilots. The closing thoughts note that increased automation and unsecured protocols do pose problems, but currently airliners themselves are relatively secure.

Defcon 22-gregory-pickett-abusing-software-defined-networks

Priyanka Aash

This document summarizes a presentation on abusing software defined networks. It discusses how SDNs separate the control plane from the data plane and use controllers to program switches. While SDNs solve many network problems, the presentation outlines several security weaknesses in SDN protocols and controllers like Floodlight and Opendaylight that could allow attackers to gain unauthorized access, intercept traffic, or launch denial of service attacks. It demonstrates exploits against real networks and advocates for securing SDN through encryption, authentication, access control, and developing security capabilities within SDN controllers.

Defcon 22-quaddi-r3plicant-hefley-hacking-911

Priyanka Aash

This document summarizes a talk on hacking 911 emergency response systems. It outlines various attacks on wired, wireless, and VoIP 911 systems, including initiating inappropriate responses, interfering with real emergencies, and conducting surveillance. Example attacks demonstrated modifying caller location data and overwhelming 911 systems with false calls. The document warns that successful attacks could negatively impact public health and safety by delaying emergency responses. It calls for technical and policy solutions like improved 911 network security standards, monitoring, and increased funding to address vulnerabilities.

Defcon 22-metacortex-grifter-darkside-of-the-internet

Priyanka Aash

Viewers also liked (20)

Defcon 22-rmellendick-dakahuna-rf-penetration-testing-your-a

Risk Analysis using open FAIR and Adoption of right Security Controls

Network Forensics and Practical Packet Analysis

Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop

Defcon 22-cesar-cerrudo-hacking-traffic-control-systems

Defcon 22-deviant-ollam-and-howard-payne-elevator hacking-fr

Defcon 22-anton-sapozhnikov-acquire-current-user-hashes-with

Practical Applications of Block Chain Technologies

Defcon 22-graham-mc millan-tentler-masscaning-the-internet

Defcon 22-weston-hecker-burner-phone-ddos

Defcon 22-tim-mcguffin-one-man-shop

Defcon 22-richard-klafter-and-eric-swanson-check-your-finger

Defcon 22-phil-polstra-am-i-being-spied-on

Defcon 22-tess-schrodinger-raxacoricofallapatorius-with-love

Defcon 22-robert-rowley-detecting-defending-against-surveill

Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones

Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi

Defcon 22-gregory-pickett-abusing-software-defined-networks

Defcon 22-quaddi-r3plicant-hefley-hacking-911

Defcon 22-metacortex-grifter-darkside-of-the-internet

Similar to Defcon 22-philip-young-from-root-to-special-hacking-ibm-main

PENETRATION TESTING FROM A HOT TUB TIME MACHINE

Chris Gates

This presentation discusses penetration testing techniques from an unconventional perspective. It advocates for intelligence gathering and footprinting before scanning or exploitation to have a more effective assessment. Specific techniques discussed include using open source intelligence gathering on internal and external systems to develop profiles and target lists. Footprinting activities within the network focus on enumeration of users, shares, services and other details to identify vulnerable systems rather than broad scanning. The presentation provides examples of exploiting old vulnerabilities in applications like Citrix and weaknesses in administration interfaces. It emphasizes continuing post-exploitation activities like privilege escalation and lateral movement within compromised systems to fully evaluate security.

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

Chris Gates

DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...

Felipe Prado

[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...

Hackito Ergo Sum

Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed. Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER! https://www.hackitoergosum.org

[ENG] IPv6 shipworm + My little Windows domain pwnie

Zoltan Balazs

Create a welcoming development environment on IBM i

Alan Seiden

Thanks to languages such as PHP, young developers are entering the IBM i world, but may be unprepared for their new environment. They may not realize that IBM i has an SSH shell environment that can have them feeling at home and productive. This talk will offer tools and tips to allow developers to work from a UNIX command line in the manner they may be used to (with minor adjustments) on IBM i. Improve job satisfaction with the tips presented here. Topics will include: * create a chroot environment for safe experimentation on IBM i * install bash shell with tab autocomplete and other familar features * access DB2 and IBM i operations from the command line * use familiar editing tools such as vi * use php-cli efficiently

Hacking routers as Web Hacker

HeadLightSecurity

This document discusses hacking routers by exploiting their web interfaces. It outlines that routers commonly have web control panels that can be attacked like websites. It then provides a list of common router vulnerabilities like default credentials, authentication bypass, XSS, CSRF, and command injection. The document gives examples of exploiting these issues on specific router models and support software. It encourages first obtaining the router firmware to analyze for vulnerabilities before testing for issues like command injection, XSS, and CSRF that could lead to compromising the router's web interface or even remote code execution.

Workshop on Network Security

UC San Diego

Why internal pen tests are still fun

pyschedelicsupernova

This document discusses techniques for internal penetration testing. It begins by explaining why internal pen tests are more interesting than external or web app tests due to the ability to gain shells on internal systems. It then provides tips for easy exploits such as exploiting weak passwords, lack of patching, and improper access controls to gain initial access. Further tips include using tools like Responder to capture credentials, using a USB rubber ducky to quickly gain access when a user is logged in, and techniques for safely dumping passwords without antivirus detection. The document concludes by discussing how to escalate privileges to domain admin, loot sensitive data from file shares and databases, and scripts to automate post-exploitation tasks. Mitigations are briefly discussed as well as tips

Hunt for the red DA

Neil Lines

DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...

Lacework

Hacking routers as Web Hacker

Михаил Фирстов

This document discusses hacking routers by exploiting vulnerabilities in their web interfaces. It begins by introducing the author and their background in hacking routers and databases. Several common vulnerabilities are listed that exist in router web interfaces, such as default credentials, authentication bypass, XSS, CSRF and command injection. Methods for exploiting these vulnerabilities are described, including using XSS to gain access to sensitive information and CSRF to perform man-in-the-middle attacks. The document provides a step-by-step process for analyzing router firmware and interfaces to find vulnerabilities. It emphasizes that routers should be treated like web applications and vulnerabilities can be chained together for more serious attacks. Support software from ISPs is also highlighted as another potential target.

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"

Defcon Moscow

This document discusses hacking routers by exploiting vulnerabilities in their web interfaces. It begins by introducing the author and their background in security research. Several common vulnerabilities are then outlined, including default credentials, authentication bypass, XSS, CSRF and command injection issues. The document provides examples of exploiting these flaws in various router models. A methodology is proposed for analyzing router firmware to find and exploit vulnerabilities, potentially achieving remote code execution. It emphasizes chaining multiple issues together for increased access. Finally, the document suggests that support software, internet service providers, and router developers themselves can also be targeted.

NTLM Relaying 101 - How to make your internal pentests pop

blindgamer7

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Ajin Abraham

Tizen is an operating system which is built to run on various kinds of devices. Tizen OS defines following profiles based on the devices types supported. Tizen IVI (in-vehicle infotainment) Tizen Mobile Tizen TV, and Tizen Wearable Samsung's first Tizen-based devices are set to be launched in India in Nov 2014. This paper presents the research outcome on the security analysis of Tizen OS. The paper begins with a quick introduction to Tizen architecture which explains the various components of Tizen OS. This will be followed by Tizen's security model, where Application Sandboxing and Resource Access Control powered by Smack will be explained. The vulnerabilities in Tizen identified during the research and responsibly disclosed to Tizen community will be discussed. This includes issues like Tizen WebKit2 Address spoofing and content injection, Buffer Overflows, Issues in Memory Protection like ASLR and DEP, Injecting SSL Certificate into Trusted Zone, (Shellshock) CVE-2014-6271 etc. Applications in Tizen can be written in HTML5/JS/CSS or natively using C/C++. Overview of pentesting Tizen application will be presented along with some of the issues impacting the security of Tizen application. There will be comparisons made to Android application, and how these security issues differ with Tizen. For eg: Security issues with inter application communication with custom URL schemes or intent broadcasting in Android as opposed to using MessagePort API in Tizen. Issues with Webview & JavaScript Bridge in Android compared to how the web to native communication is handled with Tizen etc. Tizen is late to enter into the market as compared to Android or iOS, which gives it the benefit of learning from the mistakes impacting the security of mobile OS, and fixing these issues right in the Security Architecture. To conclude, a verdict would be provided by the speaker on how much Tizen has achieved with regard to making this mobile OS a secure one.

WordPress Security 101 - Meetup Nairobi March 2020

stk_jj

Everything You Need for a Viral Game (Except the Game)

Amazon Web Services

This document discusses tools for building viral games on AWS, focusing on Redis and Elasticsearch. It summarizes the key features of Redis as a fast in-memory database for tasks like leaderboards, chat, and analytics. It also outlines Amazon Elasticsearch Service for indexing and visualizing large logs. The document promotes these services as fully managed with no administration required and high performance and availability.

Advanced SOHO Router Exploitation XCON

Lyon Yang

Lyon Yang gave a presentation about exploiting IoT and embedded devices. He discussed how he became interested in embedded systems exploitation and contributed to the field. Yang explained common vulnerabilities he finds, such as stack overflows, backdoors, and exposed credentials. He demonstrated attacks like privilege escalation, command injection, and exploiting cache coherency issues. Yang provided tips for writing exploits against various architectures and overcoming challenges like bad characters and auto-restarting services.

Deploying PHP on PaaS: Why and How?

Docker, Inc.

The document summarizes PHP deployment on Platform as a Service (PaaS) and why it can help. It discusses how PHP deployment worked in the past with manual setups that were error-prone. PaaS allows fast deployment of new environments and leveraging of version control. It handles optimizations, upgrades, routing, and scaling automatically. The document provides an example of deploying a Symfony application to dotCloud PaaS, including configuring databases. Potential drawbacks are an initial learning curve and apps requiring reworking, but PaaS offers benefits like reduced costs and improved reliability.

Discovering Vulnerabilities For Fun and Profit

Abhisek Datta

This document discusses discovering vulnerabilities for fun and profit. It introduces the author and their security tools and research involving Microsoft Office, IBM Tivoli Endpoint Manager, HP Siteprotect, and more. It describes techniques like fuzzing, mutation generation, and attack surface analysis that were used to find vulnerabilities. XML mutation and attribute fuzzing of Microsoft OOXML formats are highlighted. Architecture analysis, intercepting traffic, and developing custom tools are discussed for fuzzing IBM Tivoli EM and analyzing the Dameware Mini Remote Control binary protocol. The document concludes by discussing ongoing security research and a balance between finding vulnerabilities and developing secure systems.

Similar to Defcon 22-philip-young-from-root-to-special-hacking-ibm-main (20)

PENETRATION TESTING FROM A HOT TUB TIME MACHINE

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...

[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...

[ENG] IPv6 shipworm + My little Windows domain pwnie

Create a welcoming development environment on IBM i

Hacking routers as Web Hacker

Workshop on Network Security

Why internal pen tests are still fun

Hunt for the red DA

DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...

Hacking routers as Web Hacker

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"

NTLM Relaying 101 - How to make your internal pentests pop

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

WordPress Security 101 - Meetup Nairobi March 2020

Everything You Need for a Viral Game (Except the Game)

Advanced SOHO Router Exploitation XCON

Deploying PHP on PaaS: Why and How?

Discovering Vulnerabilities For Fun and Profit

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Priyanka Aash

Verizon Breach Investigation Report (VBIR).pdf

Priyanka Aash

The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.

Top 10 Security Risks .pptx.pdf

Priyanka Aash

The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.

Simplifying data privacy and protection.pdf

Priyanka Aash

1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent. 2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance. 3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.

Generative AI and Security (1).pptx.pdf

Priyanka Aash

Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

Priyanka Aash

The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.

DPDP Act 2023.pdf

Priyanka Aash

The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Priyanka Aash

This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.

Cyber Crisis Management.pdf

Priyanka Aash

An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.

CISOPlatform journey.pptx.pdf

Priyanka Aash

The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.

Chennai Chapter.pptx.pdf

Priyanka Aash

This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following: 1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees. 2. Chapter meetings focused on ransomware trends and lessons learned from attacks. 3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools. 4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.

Cloud attack vectors_Moshe.pdf

Priyanka Aash

Stories From The Web 3 Battlefield

Priyanka Aash

Lessons Learned From Ransomware Attacks

Priyanka Aash

The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Priyanka Aash

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Priyanka Aash

Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud

Cyber Security Governance

Priyanka Aash

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.

Ethical Hacking

Priyanka Aash

The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Verizon Breach Investigation Report (VBIR).pdf

Top 10 Security Risks .pptx.pdf

Simplifying data privacy and protection.pdf

Generative AI and Security (1).pptx.pdf

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

DPDP Act 2023.pdf

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Cyber Crisis Management.pdf

CISOPlatform journey.pptx.pdf

Chennai Chapter.pptx.pdf

Cloud attack vectors_Moshe.pdf

Stories From The Web 3 Battlefield

Lessons Learned From Ransomware Attacks

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Cyber Security Governance

Ethical Hacking

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/ DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen! Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell. Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten. Diese Themen werden behandelt - Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten - Wie funktionieren CCB- und CCX-Lizenzen wirklich? - Verstehen des DLAU-Tools und wie man es am besten nutzt - Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw. - Praxisbeispiele und Best Practices zum sofortigen Umsetzen

“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...

Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/ Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit. As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies. In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.

GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph

Neo4j

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

akankshawande

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

The Microsoft 365 Migration Tutorial For Beginner.pptx

operationspcvita

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...

Alex Pruden

Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security. Paper Link: https://eprint.iacr.org/2024/257

Principle of conventional tomography-Bibash Shahi ppt..pptx

BibashShahi

Astute Business Solutions | Oracle Cloud Partner |

AstuteBusiness

Energy Efficient Video Encoding for Cloud and Edge Computing Instances

Alpen-Adria-Universität

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency

ScyllaDB

Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe

Precisely

Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market. Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.

Choosing The Best AWS Service For Your Website + API.pptx

Brandon Minnick, MBA

Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API? Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose? Which one is cheapest? Which one is fastest? Which one will scale to meet our needs? Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!

Artificial Intelligence and Electronic Warfare

Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

GNSS spoofing via SDR (Criptored Talks 2024)

Javier Junquera

In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security. This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing. The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.

AppSec PNW: Android and iOS Application Security with MobSF

Ajin Abraham

Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application. This talk covers: Using MobSF for static analysis of mobile applications. Interactive dynamic security assessment of Android and iOS applications. Solving Mobile app CTF challenges. Reverse engineering and runtime analysis of Mobile malware. How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Safe Software

Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency. During the hour, we’ll take you through: Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board. Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes. Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI. We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI. This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Tosin Akinosho

Monitoring and Managing Anomaly Detection on OpenShift Overview Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices. Key Topics Covered 1. Introduction to Anomaly Detection - Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems. 2. Understanding Edge (IoT) - Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source. 3. What is ArgoCD? - Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices. 4. Deployment Using ArgoCD for Edge Devices - Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD. 5. Introduction to Apache Kafka and S3 - Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions. 6. Viewing Kafka Messages in the Data Lake - Learn how to view and analyze Kafka messages stored in a data lake for better insights. 7. What is Prometheus? - Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices. 8. Monitoring Application Metrics with Prometheus - Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system. 9. What is Camel K? - Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes. 10. Configuring Camel K Integrations for Data Pipelines - Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow. 11. What is a Jupyter Notebook? - Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text. 12. Jupyter Notebooks with Code Examples - Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.

Y-Combinator seed pitch deck template PP

c5vrf27qcz

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...

GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

Skybuffer SAM4U tool for SAP license adoption

The Microsoft 365 Migration Tutorial For Beginner.pptx

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...

Principle of conventional tomography-Bibash Shahi ppt..pptx

Astute Business Solutions | Oracle Cloud Partner |

Energy Efficient Video Encoding for Cloud and Edge Computing Instances

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency

Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe

Choosing The Best AWS Service For Your Website + API.pptx

Artificial Intelligence and Electronic Warfare

5th LF Energy Power Grid Model Meet-up Slides

GNSS spoofing via SDR (Criptored Talks 2024)

AppSec PNW: Android and iOS Application Security with MobSF

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Y-Combinator seed pitch deck template PP

Defcon 22-philip-young-from-root-to-special-hacking-ibm-main

1. From ROOT to SPECIAL Hacking IBM Mainframes Soldier of Fortran @mainframed767

2. DISCLAIMER! All research was done under personal time. I am not here in the name of, or on behalf of, my employer. Therefore, any views expressed in this talk are my own and not those of my employer. This talk discusses work performed in my spare time generally screwing around with mainframes and thinking 'what if this still works...' @mainframed767

3. ?Question? PLAIN TXT 53% SSL 47% INTERNET MAINFRAMES

4. ?SSL? Self Signed 33% No Error 49 SSL TN3270 MAINFRAMESBad CA 17%

5. Who are you? •  Security Guy •  Tired of 90’s thinking •  Eye opening experience @mainframed767

6. PCI Security Expert Mainframe Security Guru ISO 27002 & PCI Certifier “What’s NETSTAT?” - Our Horrible Consultant

7. Spoken

8. z/OS? WTF •  Most popular “mainframe” OS •  Version 2.1 out now! Legacy my ass! @mainframed767

9. z/OS Demo •  Let’s take a look at this thing •  It’ll all make sense @mainframed767

10. zOS or PoS? •  Hard to tell, identifying sucks •  Scanner have “challenges” nmap -sV -p 992 167.xxx.4.2 -Pn @mainframed767

11. Nmap 6.40 PORT: 992/tcp STATE: open SERVICE: ssl VERSION: IBM OS/390 @mainframed767

12. Nmap 6.46 PORT: 992/tcp STATE: open SERVICE: ssl VERSION: Microsoft IIS SSL @mainframed767

13.

14. CENSORED( CENSORED( CENSORED( CENSORED( CENSORED( CENSORED(

15. Other Methods •  Web Servers: IBM HTTP Server V5R3M0

16. FTP Banner @mainframed767 CENSORED(

17. Lets Break in •  Steal Credentials •  Web Server •  3270 Panels – Usin’ BIRP @mainframed767

18. Ettercap Demo @mainframed767

19. Missed it @mainframed767

20. CGI-Bin in tyool 2014 •  REXX / SH still used •  Injection simple, if you know TSO commands @mainframed767

21. @mainframed767

22.

23.

24. CENSORED( CENSORED( @mainframed767

25. B.I.R.P. •  Big Iron Recon & Pwnage – By @singe – HITB 2014 •  3270 is awesome @mainframed767

26. Standard 3270 @mainframed767

27. BIRP 3270 @mainframed767

28. Only FTP? •  No Problem! •  FTP lets you run JCL (JCL = Script) •  Command: SITE FILE=JES

29. Access Granted •  Now we have access •  FTP Account •  Asking someone Now what? @mainframed767

30.

31. Escalate! •  Let’s escalate our privilege •  Connect with telnet/ssh/3270 @mainframed767

32. Getroot.rx •  rexx script •  Leverages CVE-2012-5951: Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.

33. Tsk tsk •  IBM not really being honest here • Works on any setuid REXX script! @mainframed767

34. @mainframed767

35. DEMO @mainframed767

36. DEMO

37. THANKS •  Swedish Black Hat community •  Oliver Lavery – GDS Security •  Logica Breach Investigation Files

38.

39. Keep ACCESS •  Get a copy of the RACF database •  John the Ripper racf2john racf.db john racf_hashes @mainframed767

40. Steal •  Use IRRDBU00 to convert RACF to flat file •  Search for SPECIAL accounts •  Login with a SPECIAL account @mainframed767

41. IRRDBU00 CENSORED( @mainframed767

42. Welcome to OWN zone •  SPECIAL gives access to make any change to users •  Add Users •  Make others SPECIAL, OPERATIONS @mainframed767

43. Give r UID 0 @mainframed767

44. Give r SPECIAL @mainframed767

45. INETD @mainframed767

46. INETD •  Works just like Linux Kill inetd: - ps –ef|grep inetd - Kill <id> @mainframed767

47. Connect with NETEBCDICAT •  EBCDIC! @mainframed767 •  Use NetEBCDICat

48. BPX. Wha? •  BPX.SUPERUSER – Allows people to su to root without password

49. BPX.SUPERUSER •  As SPECIAL user type (change userid): PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(USERID) ACCESS(READ) And SETROPTS GENERIC(FACILITY) REFRESH

50. Tools •  CATSO –  TSO Bind/Reverse shell •  TSHOCKER – Python/JCL/FTP wrapper for CATSO •  MainTP – Python/JCL/FTP getroot.rx wrapper @mainframed767

51.

52. TShocker @mainframed767

53. Maintp •  Uses GETROOT.rx + JCL and FTP and NetEBCDICat to get a remote root shell @mainframed767

54.

55. Thanks •  Logica Breach Investigation Team •  Dominic White (@singe) •  The community

56. Contact Twitter @mainframed767 Email mainframed767@gmail.com Websites: Mainframed767.tumblr.com Soldieroffortran.org

Defcon 22-philip-young-from-root-to-special-hacking-ibm-main

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Defcon 22-philip-young-from-root-to-special-hacking-ibm-main

Similar to Defcon 22-philip-young-from-root-to-special-hacking-ibm-main (20)

More from Priyanka Aash

More from Priyanka Aash (20)

Recently uploaded

Recently uploaded (20)

Defcon 22-philip-young-from-root-to-special-hacking-ibm-main