In early 2012 a hacker was walking through the robust security controls of an IBM mainframe in Sweden like they weren’t even there.
At the same time a (potentially) different hacker was trying to steal 800,000 euro from a Norwegian bank by hacking an IBM mainframe. On the other side of the world Phil Young (Soldier of Fortran) was warning people that this exact thing could happen and got investigated by the Swedish Secret Police for it. This talk will give you many things: a deep fear of the lack of security surrounding the IBM mainframe, a detailed walkthrough of how a hacker from Cambodia was able to breach two (that we know of) mainframes on the other side of the world, a detailed understanding of the operating system and the security controls therein (z/OS specifically), and new and currently existing tools to help you pentest your own mainframe. Many corporations still use mainframes as part of their critical infrastructure. It’s time you learned how to assess these machines appropriately so we don’t face a Stuxnet moment on these corporate mainstays of transaction processing.