Gaps in Your Defense: Hacking the Mainframe

Post on 16-Apr-2017

150 views 2 download

Transcript of Gaps in Your Defense: Hacking the Mainframe

World®’16

GapsinYourDefense:HackingtheMainframePhilipYoung- Co-Founder- ZedSec 390

MFT175S

MAINFRAMEANDWORKLOADAUTOMATION

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract

Themainframeisthemission-essentialbackboneoftheenterprise,housingover70percentofcorporatedata,touchingmorethanhalfofallapplications,andconnectingtotheinternetandInternetofThings(IoT)throughAPIs.However,intheenterprisesecuritydiscussion,themainframeisoftenpresumedtobeinherentlysecure.Thissessionwilldiveintothecurrentstateofmainframeofmainframehacking,whyhackersaretakingalargerinterestintheplatform,adiscussionofcomplianceversussecurityandnextstepsonhowyoucanoptimizethesecurityofyourmostmission-essentialbusinessasset.

PhilipYoungZedSec 390Co-Founder

4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Disclaimer

I’mnothereinthenameoforonbehalfofmyemployer.Allopinionsexpressedherearemyown.

PhilipYoungZedSec 390Co-Founder

5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDLogica SecurityIncidentInvestigation:Bilaga_A.pdfSource:https://wikileaks.org/gottfrid-docs/

12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDCastleWallsUnderDigitalSiege:Risk-basedSecurityforz/OS– CAWorld‘15Source:https://www.youtube.com/watch?v=CySiZOaY2T0

13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CommonMyths

IT’SNOTONTHEINTERNET

IT’SIMPENETRABLE

HACKERSDON’TKNOWABOUTITHACKERSDON’TKNOWABOUTIT

BUTWE’REAUDITEDALLOFTHETIME

14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

The‘IMP’

§ Startedin2013

§ Tools:– MassScan– Nmap– Python– X3270– LinuxVPS

§ Databaseof400+mainframes

https://mainframesproject.tumblr.com/

InternetMainframesProject

15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ItDoesn’tMatter

20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

EnterprisesareFlat

§ Manylargeenterprisesexperiencedabreachin2015

§ Flatnetworks

§ Nofirewallbetween“Corporate”networkandmainframe

21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

HackingtheUnhackable

§ Fromthenetwork

§ Noknowledgeofthesystem

§ Steps– Gatherinformation– Profilethesystem– Launchattacks

Toolsreleased/updatedin2015/2016

22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Nmap in2015/2016

•Anon?•SITE?•OSVersion?

• Information•VTAM?•CICS?•TSO?

•Version?•Nikto?•BURP?•Enumerate?• JavaObjects

23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TN3270Screen

24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

VTAMEnumeration

25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TSOUserEnumeration

26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CICSTransactionEnumeration

28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Removed

Removed

Removed

29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CICSpwn

30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CICSpwn:TSOShell

31 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CICSpwn:TSOShell

32 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

FTPAuthorizedCodeExec

33 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhatCanIDo?

§ Complianceisliterallythestart

§ Justbecauseyou’recompliantdoesn’tmean:– Thecompliancerulesarewelldone– Representcurrentthreats– Matchcurrentbaselines

§ VulnerabilityScanning?

34 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

GapAssessment

§ Compareyourrequirementstoastandard

§ Howdoyoucompareandcontrast?

§ Who’sexpertiseareyourelyingon?

35 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

GoBeyondCompliance

§ zAssure?

§ IdentifyingDataAssets?

§ LoggingandMonitoring?– zSecure– IronStream– Vanguard

§ PenetrationTesting?

36 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CICSpwnhttps://github.com/ayoul3/cicspwn

Nmap Scriptshttps://github.com/zedsec390/NMAP

Metasploithttps://github.com/rapid7/metasploit-framework

Contact&ReferencesTwitter:@mainframed767E-Mail:mainframed767@gmail.com

37 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Stayconnectedatcommunities.ca.com

Thankyou.

38 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MustSeeDemos

Real-TimeDataSecurity&Compliance

CADataContentDiscoveryMainframeTheatre

MainframeSecuritySmartBar

CATopSecretMainframeTheatre

Real-TimeDataSecurity&Compliance

CAComplianceEventManagerMainframeTheatre

MainframeSecuritySmartBar

CAACF2MainframeTheatre

39 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MainframeandWorkloadAutomation

FormoreinformationonMainframeandWorkloadAutomation,pleasevisit:http://cainc.to/9GQ2JI