World®’16
Gaps in Your Defense: Hacking the Mainframe
Philip Young - Co-Founder - ZedSec 390
MFT175S
MAINFRAME AND WORKLOAD AUTOMATION
© 2016 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD
For Informational Purposes Only
Terms of this Presentation
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
Abstract
The mainframe is the mission-essential backbone of the enterprise, housing over 70 percent of corporate data, touching more than half of all applications, and connecting to the internet and Internet of Things (IoT) through APIs. However, in the enterprise security discussion, the mainframe is often presumed to be inherently secure. This session will dive into the current state of mainframe hacking, why hackers are taking a larger interest in the platform, a discussion of compliance versus security and next steps on how you can optimize the security of your most mission-essential business asset.
Philip Young, ZedSec 390 Co-Founder
Disclaimer
I’m not here in the name of or on behalf of my employer. All opinions expressed here are my own.
Philip Young, ZedSec 390 Co-Founder
Logica Security Incident Investigation: Bilaga_A.pdf
Source: https://wikileaks.org/gottfrid-docs/
Castle Walls Under Digital Siege: Risk-based Security for z/OS – CA World ‘15
Source: https://www.youtube.com/watch?v=CySiZOaY2T0
Common Myths
IT’S NOT ON THE INTERNET
IT’S IMPENETRABLE
HACKERS DON’T KNOW ABOUT IT
BUT WE’RE AUDITED ALL OF THE TIME
The ‘IMP’
• Started in 2013
• Tools:
  – Masscan
  – Nmap
  – Python
  – X3270
  – Linux VPS
• Database of 400+ mainframes
https://mainframesproject.tumblr.com/
Internet Mainframes Project
It Doesn’t Matter
Enterprises are Flat
• Many large enterprises experienced a breach in 2015
• Flat networks
• No firewall between “Corporate” network and mainframe
Hacking the Unhackable
• From the network
• No knowledge of the system
• Steps
  – Gather information
  – Profile the system
  – Launch attacks
Tools released/updated in 2015/2016
Nmap in 2015/2016
• Anon? • SITE? • OS Version?
• Information • VTAM? • CICS? • TSO?
• Version? • Nikto? • BURP? • Enumerate? • Java Objects
TN3270 Screen
VTAM Enumeration
TSO User Enumeration
CICS Transaction Enumeration
Removed
Removed
Removed
CICSpwn
CICSpwn: TSO Shell
CICSpwn: TSO Shell
FTP Authorized Code Exec
What Can I Do?
• Compliance is literally the start
• Just because you’re compliant doesn’t mean:
  – The compliance rules are well done
  – Represent current threats
  – Match current baselines
• Vulnerability Scanning?
Gap Assessment
• Compare your requirements to a standard
• How do you compare and contrast?
• Whose expertise are you relying on?
Go Beyond Compliance
• zAssure?
• Identifying Data Assets?
• Logging and Monitoring?
  – zSecure
  – IronStream
  – Vanguard
• Penetration Testing?
Contact & References
CICSpwn: https://github.com/ayoul3/cicspwn
Nmap Scripts: https://github.com/zedsec390/NMAP
Metasploit: https://github.com/rapid7/metasploit-framework
Twitter: @mainframed767
E-Mail: [email protected]
Stay connected at communities.ca.com
Thankyou.