Phil Young - Hand On Mainframe Buffer Overflows - RCE Edition
Friday PM - Elko Phil Young - Hand On Mainframe Buffer Overflows - RCE Edition
For decades mainframes have been thought to be unhackable. One of the core tenants of this myth was that buffer overflows were not possible on MVS. In 2020 a mainframe hacker figured out how to find and exploit z/OS binaries using very simple buffer overflow techniques. This workshop aims to teach you those techniques. Attendees will learn how C programs are used on mainframes, understand how to use JCL for buffer overflows, how save areas are used, common registries used for pointers, ASCII to EBCDIC machine code, and how they can hunt vulnerable binaries in their environment. Multiple hands-on labs will be instructor lead with a real mainframe provided both during and after class.
Pre-requisites:
- None
Materials or Equipment Required:
- A laptop capable of running a modern browser
Friday PM - Elko Phil Young - Hand On Mainframe Buffer Overflows - RCE Edition
For decades mainframes have been thought to be unhackable. One of the core tenants of this myth was that buffer overflows were not possible on MVS. In 2020 a mainframe hacker figured out how to find and exploit z/OS binaries using very simple buffer overflow techniques. This workshop aims to teach you those techniques. Attendees will learn how C programs are used on mainframes, understand how to use JCL for buffer overflows, how save areas are used, common registries used for pointers, ASCII to EBCDIC machine code, and how they can hunt vulnerable binaries in their environment. Multiple hands-on labs will be instructor lead with a real mainframe provided both during and after class.
Pre-requisites:
- None
Materials or Equipment Required:
- A laptop capable of running a modern browser