DEF CON 30 - Jake Labelle - Doing the Impossible - How I Found Mainframe Buffer Overflows




Mainframes run the world, literally. Have you ever paid for something? A mainframe was involved. Flown? Used a bank? Gone to college? A mainframe was involved. Do you live in a country with a government? Mainframes! The current (and really only) mainframe OS is z/OS from IBM. If you've ever talked to a mainframer, you'll get told how they're more secure because buffer overflows are (were) impossible. This talk will prove them all wrong! Finding exploits on z/OS is no different than on any other platform. This talk will walk through how you too can become a mainframe exploit researcher! Remote code execution is extra tricky on a mainframe, as almost all sockets read data with the ASCII character set and convert that to EBCDIC for the application. With this talk you will find out how to find and then remotely overflow a vulnerable mainframe C program and create an ASCII - EBCDIC shellcode to escalate your privileges remotely, without auth. Previous mainframe talks focused on infrastructure-based attacks. This talk builds on those but adds a class of vulnerabilities, opening up the mainframe hacking community.

Hello and welcome to the temple of cybersecurity. You are now watching DEF CON 30 - Jake Labelle - Doing the Impossible - How I Found Mainframe Buffer Overflows, published on October 20, 2022 at 02:39 PM.