May: Evil Mainframe: Beginner z/OS Penetration Testing with Philip Young and Chad Rikansrud

Mainframes, and specifically z/OS, represent a massive blind spot when it comes to penetration testing. People lack the capabilities and language to properly test the security of these corporate mainstays. As it stands today, these systems sit largely untouched by IT security professionals until, that is, a breach occurs, such as the breach of a bank and government mainframe in Europe leading to the potential loss of a million USD. If your company has a mainframe, chances are it’s never been given its proper day in the sun. We’ve heard all the excuses, ranging from “system outage” to “we don’t know how”. This training aims to tackle the excuses by demonstrating that mainframes are just computers like everything else, providing attendees with the language and knowledge to start testing their own mainframes, and arming them with the appropriate responses and tools to tackle every excuse in the book.

This training, and its supplemental materials, provide a solid baseline when it comes to the operating system (z/OS), followed by creating tools and using scripting languages such as Python to help with a mock penetration test.

This course provides customized training on the newest attack vectors created by the trainers, techniques for gaining system access, and how to perform an end-to-end penetration test. After a quick overview of how z/OS works and how to translate from Linux to z/OS, the instructors will lead students through the various attack vectors against a target mainframe. Students will be introduced to the platform by exploring the operating system with TN3270 and will learn the weaknesses within the protocol that allow us to automate much of our testing. Students will also be introduced to the only open source tools and libraries available for all the steps of a penetration test, including Nmap and Metasploit. A goal of this course is to teach students how the various layers of the stack work (Operating System, VTAM, RACF, Network) so they can develop their own techniques and skill sets to conduct appropriate mainframe penetration testing.

The majority of the course will be spent performing instructor-led, hands-on mainframe testing with the tools available. Goals for each segment will be laid out, with appropriate time afforded to students so they can gain a deep understanding of how a test could and should be performed. Exercises will be based on real-world attack scenarios.

While this class is outlined as a beginner class to mainframe hacking, the attendee should have knowledge of IT security, penetration testing, and very basic Python.