CA World - mft1755 - gaps in your defense hacking the mainframe - philip young

World®’16

GapsinyourDefense:HackingtheMainframePhilipYoung,Co-Founder,ZedSec390

MFT1755

MAINFRAMEANDWORKLOADAUTOMATION

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespec\vecompanies.

ThecontentprovidedinthisCAWorld2016presenta\onisintendedforinforma\onalpurposesonlyanddoesnotformanytypeofwarranty.Theinforma\onprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInforma\onalPurposesOnlyTermsofthisPresenta\on


Abstract

Themainframeisthemission-essen\albackboneoftheenterprise,housingover70percentofcorporatedata,touchingmorethanhalfofallapplica\ons,andconnec\ngtotheinternetandInternetofThings(IoT)throughAPIs.However,intheenterprisesecuritydiscussion,themainframeisoaenpresumedtobeinherentlysecure.Thissessionwilldiveintothecurrentstateofmainframeofmainframehacking,whyhackersaretakingalargerinterestintheplaborm,adiscussionofcomplianceversussecurityandnextstepsonhowyoucanop\mizethesecurityofyourmostmission-essen\albusinessasset.

PhilipYoung

ZedSec390Co-Founder


Disclaimer

I’mnothereinthenameoforonbehalfofmyemployer.Allopinionsexpressedherearemyown.

PhilipYoung

ZedSec390Co-Founder


CommonMyths

IT’SNOTONTHEINTERNET

IT’SIMPENETRABLE

HACKERSDON’TKNOWABOUTITHACKERSDON’TKNOWABOUTIT

BUTWE’REAUDITEDALLTHETIME!?


The‘IMP’

§  Startedin2013§  Tools:

–  MassScan–  Nmap–  Python–  X3270–  LinuxVPS

§  Databaseof400+mainframes

hkps://mainframesproject.tumblr.com/

InternetMainframesProject


ItDoesn’tMa=er


EnterprisesareFlat

§ Manylargeenterprisesexperiencedabreachin2015

§  Flatnetworks

§  Nofirewallbetween“Corporate”networkandmainframe


HackingtheUnhackable

§  Fromthenetwork

§  Noknowledgeofthesystem

§  Steps–  Gatherinforma\on–  Profilethesystem–  Launchakacks

Toolsreleased/updatedin2015/2016


Nmapin2015/2016

• Anon?• SITE?• OSVersion?

• Informa\on• VTAM?• CICS?• TSO?

• Version?• Nikto?• BURP?• Enumerate?• JavaObjects


TN3270Screen


VTAMEnumera\on


TSOUserEnumera\on


CICSTransac\onEnumera\on


CICSpwn


CICSpwn:TSOShell


FTPAuthorizedCodeExec


WhatCanIDo?

§  Complianceisliterallythestart

§  Justbecauseyou’recompliantdoesn’tmean:–  Thecompliancerulesarewelldone–  Representcurrentthreats–  Matchcurrentbaselines

§  VulnerabilityScanning?


GapAssessment

§  Compareyourrequirementstoastandard

§  Howdoyoucompareandcontrast?

§ Who’sexper\seareyourelyingon?


GoBeyondCompliance

§  zAssure?§  Iden\fyingDataAssets?§  LoggingandMonitoring?

–  zSecure–  IronStream–  Vanguard

§  Penetra\onTes\ng?


Ques\ons?


CICSpwnh=ps://github.com/ayoul3/cicspwn

NmapScriptsh=ps://github.com/zedsec390/NMAP

Metasploith=ps://github.com/rapid7/metasploit-framework

Contact&ReferencesTwi=er:@mainframed767E-Mail:[email protected]


Stayconnectedatcommuni\es.ca.com

Thankyou.

CA World - mft1755 - gaps in your defense hacking the mainframe - philip young

Technology

Transcript of CA World - mft1755 - gaps in your defense hacking the mainframe - philip young