Slides Here: https://defcon.org/images/defcon-22/d…
From root to SPECIAL: Pwning IBM Mainframes
Philip “Soldier of Fortran” Young
1.1 million transactions are run through mainframes every second worldwide. From your flight to your ATM withdrawal, a mainframe was involved. These critical mainstays of the corporate IT world aren’t going anywhere. But while the hacker community has evolved over the decades, the world of mainframe security has not.
This talk will demonstrate how to go from meeting an IBM zSeries z/OS mainframe, to getting root, and eventually to getting system SPECIAL, using tools that exist currently and newly written scripts. It will also show you how you can get access to a mainframe to help develop your own tools and techniques.
This talk will teach you the ‘now what’ after you’ve encountered a mainframe, returning the balance from the ‘computing mystics’ who run the mainframe back to the community.
Phil “Soldier of Fortran” Young is a mainframe security researcher at a large corporation where he develops audit and security requirements guidelines for the various ‘legacy’ mainframe systems. In polite company he is referred to as a ‘Mainframe Security Enthusiast’ and amongst mainframers as “that f***ing guy making my life harder”. He has given talks about mainframe security at various security conferences including BlackHat, BSidesLV and Shmoocon. While at work and at home he devotes his time to researching z/OS design and implementation flaws, developing tools and writing articles and resources for other security experts to leverage as they “discover” the mainframe.