LBRY Block Explorer • Claim • black-hat-usa-2018-mainframe-z-os

LBRY Claims • black-hat-usa-2018-mainframe-z-os

309113e5a732d3280acfa8ff335e7d5541f84a05

Published By

@HackersOnBoard

Created On

2 Sep 2020 11:38:31 UTC

Transaction ID

d7eb37b4530b87cae5e648bfacdda4e42fbe32484c0d7f5c8fd4bf7948eefcac

Cost

Safe for Work

Free

Yes

Black Hat USA 2018 - Mainframe [z/OS] Reverse Engineering and Exploit Development

Speak with any Fortune 500 running mainframe and they'll tell you two things: (1) without their mainframes they'd be out of business (2) they do not conduct any security research on them, let alone vulnerability scans. The most infuriating part is that mainframes are simply computers, they're different from what you're used to, but that doesn't mean they can't be hacked. Previous talks about this topic have covered the platform from a high level, imploring you to do the basics. This talk continues this series of talks, given by others, around mainframe hacking. Previously covered topics included network penetration testing and privilege escalation. To complement those talks, this talk will expose attendees to the various tools that exist on the platform to help you do your own reverse engineering, followed by detailed steps on how to start your own exploit development. Attendees will learn what debuggers are available on the platform, such as dbx and ASMIDF, as well as the challenges you'll have using them. After learning how to RE, attendees will then learn how to develop their own exploits and buffer overflows on the platform using C, assembler and JCL. A demo program will be used to teach all these items so people can follow along. Topics included in this discussion are APF authorization, bypassing RACF/ACEE, TSO, Unix System Services.
...
https://www.youtube.com/watch?v=opBLBYAR8tU

Author

Content Type

Unspecified

video/mp4

Language

Unspecified

Open in LBRY

More from the publisher

Controlling

VIDEO

DEF C

def-con-24-backdooring-the-frontdoor

lbry://@HackersOnBoard/def-con-24-backdooring-the-frontdoor

Jmaxxz Hacker As our homes become smarter and more connected we come up with new ways of reasoning about our privacy and security. Vendors promise security, but provide little technical information to back up their claims. Further complicating the matter, many of these devices are closed systems which can be difficult to assess. This talk will explore the validity of claims made by one smart lock manufacturer about the security of their product. The entire solution will be deconstructed and examined all the way from web services to the lock itself. By exploiting multiple vulnerabilities Jmaxxz will demonstrate not only how to backdoor a front door, but also how to utilize these same techniques to protect your privacy. Jmaxxz works as a software engineer for a Fortune 100 company, and is a security researcher for pleasure. His FlashHacker program was featured in Lifehacker's most popular free downloads of 2010. More recently he has contributed to the node_pcap project which allows interfacing with libpcap from node. His other interests include lock picking and taking things apart. Twitter: @jmaxxz ... https://www.youtube.com/watch?v=oBTl-jCtNDA

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

DEF C

def-con-27-omer-gull-select-code

lbry://@HackersOnBoard/def-con-27-omer-gull-select-code

Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database - can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe. How? We created a rogue SQLite database that exploits the software used to open it.Exploring only a few of the possibilities this presents we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database… The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system. In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetics. It's a new world of using the familiar Structured Query Language for exploitation primitives,laying the foundations for a generic leverage of memory corruption issues in database engines. ... https://www.youtube.com/watch?v=JokZUjwGj4M

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

DEF C

def-con-25-nathan-seidle-open-source

lbry://@HackersOnBoard/def-con-25-nathan-seidle-open-source

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=mYAiiOUhH8E

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

32C3

32c3-replication-prohibited

lbry://@HackersOnBoard/32c3-replication-prohibited

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=8g6gF8b2kT8

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

BLACK

black-hat-usa-2016-hacking-next-gen-atms

lbry://@HackersOnBoard/black-hat-usa-2016-hacking-next-gen-atms

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=oBSOXMv38d4

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

28C3

28c3-quantified-self-and-neurofeedback

lbry://@HackersOnBoard/28c3-quantified-self-and-neurofeedback

... https://www.youtube.com/watch?v=Jxi8tBiiK-Y

Transaction

Created

4 months ago

Content Type

Language

video/mp4

English

Controlling

VIDEO

DEF C

def-con-24-panel-ask-the-eff

lbry://@HackersOnBoard/def-con-24-panel-ask-the-eff

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=6tsJ0J4OfEA

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

31C3

31c3-the-only-thing-we-know-about

lbry://@HackersOnBoard/31c3-the-only-thing-we-know-about

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=IVq7epnJYa4

Transaction

Created

4 months ago

Content Type

Language

video/mp4

Controlling

VIDEO

31C3

31c3-mining-for-bugs-with-graph-database

lbry://@HackersOnBoard/31c3-mining-for-bugs-with-graph-database

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=brLjYw7tgKk

Transaction

Created

4 months ago

Content Type

Language

video/mp4