Phil Young - Hand On Mainframe Buffer Overflows - RCE Edition

DEF CON Workshops are an opportunity to learn from others in our community in a four hour class. The workshops range in difficulty from n00b to hardcore hacker and on almost any topic that you can think of in the realm of hacking.Now on to some things to keep in mind while you look at which workshop(s) to register for:Workshop Registration will be handled online. Announcement will be made as we get ready to open reg the day before.In order to decrease the number of no-shows, DEF CON Workshops will be instituting a $25 registration fee to attendees. Tickets are available on a first come, first served basis. Additional costs include possible low-fee for material costs, if applicable, and will be collected by the instructor at the time of the workshop.There will be a limited number of students on standby lists for each class, should a registration cancel.There will beNOonsite registration, period. Anyone on standby will be notified they are on standby before the conference. There will beNOonsite standby line or list to sign up for. Everything will be arranged pre-con.Students will be limited to purchasing 2 tickets per class.You can register for as many classes as you can attend in one day. ( No two classes at the same time. If you have mastered occupying two spaces at the same time, there are some physics academics who would be pleased to meet you among others)

DEF CON WORKSHOPS

Friday PM - Elko
 Phil Young - Hand On Mainframe Buffer Overflows - RCE Edition

Harrah's Las Vegas

DEF CON 30 - Friday PM Workshops

For decades mainframes have been thought to be unhackable. One of the core tenants of this myth was that buffer overflows were not possible on MVS. In 2020 a mainframe hacker figured out how to find and exploit z/OS binaries using very simple buffer overflow techniques. This workshop aims to teach you those techniques. Attendees will learn how C programs are used on mainframes, understand how to use JCL for buffer overflows, how save areas are used, common registries used for pointers, ASCII to EBCDIC machine code, and how they can hunt vulnerable binaries in their environment. Multiple hands-on labs will be instructor lead with a real mainframe provided both during and after class.Pre-requisites: <ul><li>None</li></ul>Materials or Equipment Required:<ul><li>A laptop capable of running a modern browser</li></ul>