Title: Evil Mainframe Jr: Mainframe hacking from recon to privesc

Instructor: Soldier of Fortran & Big Endian Smalls

Abstract: Mainframes power every industry you care about. Yet hackers have no idea how to even begin approaching this these big iron beasts. Where do you even start? VTAM? CICS? TSO? This workshop aims to give you the tools and language you can use to hack a mainframe. Starting with reconnaissance and ending with privilege escalation this workshop will walk you through all the tools and techniques you can use to hack a mainframe in 2019. Students will be introduced to the platform by being allowed to explore the operating system and allowing students to understand the weaknesses within. Students will also get introduced to open source tools and libraries available for all the steps of a penetration test including Nmap, metasploit, python scripts, REXX scripts and even HLASM. The majority of the workshop will be spent performing instructor led hands on mainframe testing with the tools available. Goals for each segment will be laid out with appropriate time afforded to students to allow them the ability to gain a deep understanding of how a test could and should be performed. Exercises will be based on real world attack scenarios developed by the trainers. This training specifically focuses on z/OS.

Level: Intermediate

Pre-Requisites: Background in penetration testing/red team and knowledge of tools like nmap, metasploit and scripting languages like Python/Ruby

Required Materials: Laptop capable of running a VM, power for their laptop.