CA World - mft1755 - gaps in your defense hacking the mainframe - philip young
-
Upload
philip-young -
Category
Technology
-
view
98 -
download
0
Transcript of CA World - mft1755 - gaps in your defense hacking the mainframe - philip young
World®’16
GapsinyourDefense:HackingtheMainframePhilipYoung,Co-Founder,ZedSec390
MFT1755
MAINFRAMEANDWORKLOADAUTOMATION
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespec\vecompanies.
ThecontentprovidedinthisCAWorld2016presenta\onisintendedforinforma\onalpurposesonlyanddoesnotformanytypeofwarranty.Theinforma\onprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInforma\onalPurposesOnlyTermsofthisPresenta\on
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
Themainframeisthemission-essen\albackboneoftheenterprise,housingover70percentofcorporatedata,touchingmorethanhalfofallapplica\ons,andconnec\ngtotheinternetandInternetofThings(IoT)throughAPIs.However,intheenterprisesecuritydiscussion,themainframeisoaenpresumedtobeinherentlysecure.Thissessionwilldiveintothecurrentstateofmainframeofmainframehacking,whyhackersaretakingalargerinterestintheplaborm,adiscussionofcomplianceversussecurityandnextstepsonhowyoucanop\mizethesecurityofyourmostmission-essen\albusinessasset.
PhilipYoung
ZedSec390Co-Founder
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Disclaimer
I’mnothereinthenameoforonbehalfofmyemployer.Allopinionsexpressedherearemyown.
PhilipYoung
ZedSec390Co-Founder
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDLogicaSecurityIncidentInves3ga3on:Bilaga_A.pdfSource:h=ps://wikileaks.org/goArid-docs/
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDCastleWallsUnderDigitalSiege:Risk-basedSecurityforz/OS–CAWorld‘15Source:h=ps://www.youtube.com/watch?v=CySiZOaY2T0
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CommonMyths
IT’SNOTONTHEINTERNET
IT’SIMPENETRABLE
HACKERSDON’TKNOWABOUTITHACKERSDON’TKNOWABOUTIT
BUTWE’REAUDITEDALLTHETIME!?
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
The‘IMP’
§ Startedin2013§ Tools:
– MassScan– Nmap– Python– X3270– LinuxVPS
§ Databaseof400+mainframes
hkps://mainframesproject.tumblr.com/
InternetMainframesProject
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ItDoesn’tMa=er
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
EnterprisesareFlat
§ Manylargeenterprisesexperiencedabreachin2015
§ Flatnetworks
§ Nofirewallbetween“Corporate”networkandmainframe
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HackingtheUnhackable
§ Fromthenetwork
§ Noknowledgeofthesystem
§ Steps– Gatherinforma\on– Profilethesystem– Launchakacks
Toolsreleased/updatedin2015/2016
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Nmapin2015/2016
• Anon?• SITE?• OSVersion?
• Informa\on• VTAM?• CICS?• TSO?
• Version?• Nikto?• BURP?• Enumerate?• JavaObjects
23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TN3270Screen
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
VTAMEnumera\on
25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TSOUserEnumera\on
26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSTransac\onEnumera\on
28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn
30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn:TSOShell
31 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn:TSOShell
32 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
FTPAuthorizedCodeExec
33 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatCanIDo?
§ Complianceisliterallythestart
§ Justbecauseyou’recompliantdoesn’tmean:– Thecompliancerulesarewelldone– Representcurrentthreats– Matchcurrentbaselines
§ VulnerabilityScanning?
34 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GapAssessment
§ Compareyourrequirementstoastandard
§ Howdoyoucompareandcontrast?
§ Who’sexper\seareyourelyingon?
35 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GoBeyondCompliance
§ zAssure?§ Iden\fyingDataAssets?§ LoggingandMonitoring?
– zSecure– IronStream– Vanguard
§ Penetra\onTes\ng?
36 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Ques\ons?
37 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwnh=ps://github.com/ayoul3/cicspwn
NmapScriptsh=ps://github.com/zedsec390/NMAP
Metasploith=ps://github.com/rapid7/metasploit-framework
Contact&ReferencesTwi=er:@mainframed767E-Mail:[email protected]
38 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Stayconnectedatcommuni\es.ca.com
Thankyou.
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.39 @CAWORLD#CAWORLD
MainframeandWorkloadAutoma3on
Formoreinforma\ononMainframeandWorkloadAutoma\on,pleasevisit:hkp://cainc.to/9GQ2JI