ca world - mft1755 - gaps in your defense hacking the mainframe - philip young
TRANSCRIPT
![Page 1: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/1.jpg)
World®’16
GapsinyourDefense:HackingtheMainframePhilipYoung,Co-Founder,ZedSec390
MFT1755
MAINFRAMEANDWORKLOADAUTOMATION
![Page 2: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/2.jpg)
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespec\vecompanies.
ThecontentprovidedinthisCAWorld2016presenta\onisintendedforinforma\onalpurposesonlyanddoesnotformanytypeofwarranty.Theinforma\onprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInforma\onalPurposesOnlyTermsofthisPresenta\on
![Page 3: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/3.jpg)
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
Themainframeisthemission-essen\albackboneoftheenterprise,housingover70percentofcorporatedata,touchingmorethanhalfofallapplica\ons,andconnec\ngtotheinternetandInternetofThings(IoT)throughAPIs.However,intheenterprisesecuritydiscussion,themainframeisoaenpresumedtobeinherentlysecure.Thissessionwilldiveintothecurrentstateofmainframeofmainframehacking,whyhackersaretakingalargerinterestintheplaborm,adiscussionofcomplianceversussecurityandnextstepsonhowyoucanop\mizethesecurityofyourmostmission-essen\albusinessasset.
PhilipYoung
ZedSec390Co-Founder
![Page 4: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/4.jpg)
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Disclaimer
I’mnothereinthenameoforonbehalfofmyemployer.Allopinionsexpressedherearemyown.
PhilipYoung
ZedSec390Co-Founder
![Page 5: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/5.jpg)
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 6: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/6.jpg)
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 7: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/7.jpg)
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 8: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/8.jpg)
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 9: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/9.jpg)
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 10: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/10.jpg)
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 11: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/11.jpg)
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDLogicaSecurityIncidentInves3ga3on:Bilaga_A.pdfSource:h=ps://wikileaks.org/goArid-docs/
![Page 12: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/12.jpg)
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDCastleWallsUnderDigitalSiege:Risk-basedSecurityforz/OS–CAWorld‘15Source:h=ps://www.youtube.com/watch?v=CySiZOaY2T0
![Page 13: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/13.jpg)
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CommonMyths
IT’SNOTONTHEINTERNET
IT’SIMPENETRABLE
HACKERSDON’TKNOWABOUTITHACKERSDON’TKNOWABOUTIT
BUTWE’REAUDITEDALLTHETIME!?
![Page 14: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/14.jpg)
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
The‘IMP’
§ Startedin2013§ Tools:
– MassScan– Nmap– Python– X3270– LinuxVPS
§ Databaseof400+mainframes
hkps://mainframesproject.tumblr.com/
InternetMainframesProject
![Page 15: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/15.jpg)
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 16: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/16.jpg)
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 17: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/17.jpg)
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 18: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/18.jpg)
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 19: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/19.jpg)
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ItDoesn’tMa=er
![Page 20: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/20.jpg)
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
EnterprisesareFlat
§ Manylargeenterprisesexperiencedabreachin2015
§ Flatnetworks
§ Nofirewallbetween“Corporate”networkandmainframe
![Page 21: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/21.jpg)
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HackingtheUnhackable
§ Fromthenetwork
§ Noknowledgeofthesystem
§ Steps– Gatherinforma\on– Profilethesystem– Launchakacks
Toolsreleased/updatedin2015/2016
![Page 22: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/22.jpg)
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Nmapin2015/2016
• Anon?• SITE?• OSVersion?
• Informa\on• VTAM?• CICS?• TSO?
• Version?• Nikto?• BURP?• Enumerate?• JavaObjects
![Page 23: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/23.jpg)
23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TN3270Screen
![Page 24: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/24.jpg)
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
VTAMEnumera\on
![Page 25: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/25.jpg)
25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TSOUserEnumera\on
![Page 26: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/26.jpg)
26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 27: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/27.jpg)
27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSTransac\onEnumera\on
![Page 28: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/28.jpg)
28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 29: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/29.jpg)
29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn
![Page 30: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/30.jpg)
30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn:TSOShell
![Page 31: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/31.jpg)
31 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn:TSOShell
![Page 32: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/32.jpg)
32 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
FTPAuthorizedCodeExec
![Page 33: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/33.jpg)
33 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatCanIDo?
§ Complianceisliterallythestart
§ Justbecauseyou’recompliantdoesn’tmean:– Thecompliancerulesarewelldone– Representcurrentthreats– Matchcurrentbaselines
§ VulnerabilityScanning?
![Page 34: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/34.jpg)
34 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GapAssessment
§ Compareyourrequirementstoastandard
§ Howdoyoucompareandcontrast?
§ Who’sexper\seareyourelyingon?
![Page 35: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/35.jpg)
35 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GoBeyondCompliance
§ zAssure?§ Iden\fyingDataAssets?§ LoggingandMonitoring?
– zSecure– IronStream– Vanguard
§ Penetra\onTes\ng?
![Page 36: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/36.jpg)
36 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Ques\ons?
![Page 37: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/37.jpg)
37 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwnh=ps://github.com/ayoul3/cicspwn
NmapScriptsh=ps://github.com/zedsec390/NMAP
Metasploith=ps://github.com/rapid7/metasploit-framework
Contact&ReferencesTwi=er:@mainframed767E-Mail:[email protected]
![Page 38: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/38.jpg)
38 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Stayconnectedatcommuni\es.ca.com
Thankyou.
![Page 39: CA World - mft1755 - gaps in your defense hacking the mainframe - philip young](https://reader031.vdocuments.site/reader031/viewer/2022022414/587be2671a28ab834d8b7cf5/html5/thumbnails/39.jpg)
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.39 @CAWORLD#CAWORLD
MainframeandWorkloadAutoma3on
Formoreinforma\ononMainframeandWorkloadAutoma\on,pleasevisit:hkp://cainc.to/9GQ2JI