Evil Mainframe - z/OS Mainframe Penetration Testing
Event Information
About this event
Have you ever been mid pentest with mainframe credentials and thought 'now what?' Or were you ever asked to do a mainframe pentest and didn't even know where to start? Maybe you're a sysprog and think your systems are impenetrable. Are you hoping to someday include your orgs mainframe in a red team op? Well, no matter your background this course is for you!
This course provides training on mainframe penetration testing using the most recent and up to date attack vectors. Walking through techniques for gaining system access, performing end-to-end penetration tests, and teaching you to 'own' the mainframe.
After a quick overview of how z/OS works and how to translate from Windows/Linux to "z/OS" the instructors will lead students through multiple real world scenarios and labs against a real live target mainframe. The areas explored in this course include VTAM, CICS, RACF, JES2, NJE, LU, TSO, Unix and Web. Students will be given access to this mainframe environment for the duration of the course where they will learn to navigate the operating system, learn some of the misconfiguration targets and privilege escalation techniques. They will get introduced to the open source tools and libraries available for all the steps of a penetration test including Nmap, python, kali, and metasploit as well as being able to write their own tools on the mainframe using REXX, JCL, C and CLISTs.
The majority of the course will be spent performing instructor led hands on mainframe testing labs with tools provided by the instructors. Goals for each segment will be laid out with appropriate time afforded to students to allow them the ability to gain a deep understanding of how a mainframe pentest could and should be performed. Exercises will be based on real world attack scenarios.
This is a beginner mainframe hacking class, but attendees should have knowledge of IT security, penetration testing and Python.
Student discounts and discounts for those who unable to afford the class can email info@evilmainframe.com for details.