Have you ever heard about the famous “green screen”? No, it’s not a screensaver… Believe me, it still does exist!
In many industries, although the front-end systems are all new and shiny, in the back-end they still rely on well-known, proven IBM i (aka AS/400) technology for their back-office, core systems. Surprisingly, nobody truly seems to care about the security. Even if these nice IBM heavy black boxes are directly connected to the Internet…
The aim of the talk is to give you more insight in a number of techniques for performing a security test of / securing an IBM i system from perspective of an external and internal intruder. Methods like privilege escalation by nested user switching, getting full system access via JDBC or bypassing the “green screen” (5250) limitations will be presented.
Last but not least: I will also show a undocumented output format of the built-in password transfer API, giving you direct access to all password hashes. Even IBM engineers may wonder…
Bart Kulach: Aged 31, with 14 years of work experience within IT security, risk management and IT operations. Security specialist and experienced supervisor for IT audits, CISA, CISM. Working currently for NN Group in the Netherlands as coordinator for IT audits within Investment and Insurance business units in Europe and Asia. The past 7 years he held various security and risk management related positions. Focused on security of IBM i (aka AS/400, iSeries), website security as well as lean IT processes and architecture.
Xem thêm bài viết khác: https://mcitmc.org/cong-nghe/
Xem thêm Bài Viết:
- Chia sẻ thủ thuật download ArcGIS 10.2 Full Crack cực đơn giản
- Bật mí chi tiết cách bẻ khóa wifi cho điện thoại Android
- Bật mí cách tải iFile và cách cài đặt cho iPhone chi tiết nhất
- Hướng dẫn cách đăng ký Appvn trên Android cực đơn giản, dễ dàng
- Bật mí thủ thuật mod màn hình khóa Android cực đẹp, cực ngầu
Bart thank you for excellent job you proved how easy it is to hack AS400 in my vision you are the kid that shouts the king is naked in IBM paraid
our Firewall for IBM i (AS/400) #IPSecurity https://youtu.be/ln7pkICaYnE
If you use our Firewall for IBM i (AS/400) #IPSecurity https://youtu.be/BmAOvKFy83k bye bye hack. 😉
Listen at twice the speed and the ahhhs and emmms disappear. So let's cut the guy some slack.
So much EEhhhm and uuuh that it was a bit hard to watch.