Tweet
Jake Labelle - Doing the Impossible: How I Found Mainframe Buffer Overflows
Jake Labelle, Hacker
Presentation Title: Doing the Impossible: How I Found Mainframe Buffer Overflows
Length of presentation: 45 minutes
Demo, tool, Exploit
Mainframes run the world, literally. Have you ever paid for something,
a mainframe was involved, flown? Used a bank? Gone to college? A
mainframe was involved. Do you live in a country with a government?
Mainframes! The current (and really only) mainframe OS is z/OS from
IBM. If you've ever talked to a mainframer you'll get told how they're
more secure because buffer overflows are (were) impossible. This talk
will prove them all wrong!
Finding exploits on z/OS is no different than any other platform. This
talk will walk through how you too can become a mainframe exploit
researcher!
Remote code execution is extra tricky on a mainframe as almost all
sockets read data with the ASCII character set and convert that to
EBCDIC for the application. With this talk you will find out how to
find and then remotely overflow a vulnerable mainframe C program and
create a ASCII -> EBCDIC shellcode to escalate your privileges
remotely, without auth. Previous mainframe talks focused on
infrastructure based attacks. This talk builds on those but adds a
class of vulnerabilities, opening up the mainframe hacking community.
Hi, I'm Jake, a security consultant from Basingstoke, UK. Over the
pandemic, I got my hands on a licensed emulator for z/OS , and
considering that we have been in and out of lockdown for the past two
years, I started playing around with it for a fairly good portion of
time. As someone who adores the 80s cyber aesthetic, I love mucking
around with it, but also there is nothing legacy about mainframes,
docker, node js, python all your modern applications/programs are on
there. Over the past year, I have found and reported a number of z/OS
LPEs and RCEs vulns to IBM.
twitter: @Jabellz2
[]
Jake Labelle, Hacker
Presentation Title: Doing the Impossible: How I Found Mainframe Buffer Overflows
Length of presentation: 45 minutes
Demo, tool, Exploit
Mainframes run the world, literally. Have you ever paid for something,
a mainframe was involved, flown? Used a bank? Gone to college? A
mainframe was involved. Do you live in a country with a government?
Mainframes! The current (and really only) mainframe OS is z/OS from
IBM. If you've ever talked to a mainframer you'll get told how they're
more secure because buffer overflows are (were) impossible. This talk
will prove them all wrong!
Finding exploits on z/OS is no different than any other platform. This
talk will walk through how you too can become a mainframe exploit
researcher!
Remote code execution is extra tricky on a mainframe as almost all
sockets read data with the ASCII character set and convert that to
EBCDIC for the application. With this talk you will find out how to
find and then remotely overflow a vulnerable mainframe C program and
create a ASCII -> EBCDIC shellcode to escalate your privileges
remotely, without auth. Previous mainframe talks focused on
infrastructure based attacks. This talk builds on those but adds a
class of vulnerabilities, opening up the mainframe hacking community.
Hi, I'm Jake, a security consultant from Basingstoke, UK. Over the
pandemic, I got my hands on a licensed emulator for z/OS , and
considering that we have been in and out of lockdown for the past two
years, I started playing around with it for a fairly good portion of
time. As someone who adores the 80s cyber aesthetic, I love mucking
around with it, but also there is nothing legacy about mainframes,
docker, node js, python all your modern applications/programs are on
there. Over the past year, I have found and reported a number of z/OS
LPEs and RCEs vulns to IBM.
twitter: @Jabellz2
[]