Skip to content

hacksomeheavymetal/zOS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
README.md
README.md
 
 
default_accounts.txt
default_accounts.txt
 
 
default_cics_transactions.txt
default_cics_transactions.txt
 
 
firststeps.md
firststeps.md
 
 
hyperlinks.md
hyperlinks.md
 
 
pentesting.md
pentesting.md
 
 
tools.md
tools.md
 
 
vocabulary.md
vocabulary.md
 
 

Repository files navigation

Intro

                                PHREAK
                    Look, you wanna be elite? You gotta do a
                    righteous hack. None of this accidental shit.

                                CEREAL
                    Oh yeah, you want a seriously righteous hack,
                    you score one of those Gibsons man. You know,
                    supercomputers they use to like, do physics,
                    and look for oil and stuff?

                                PHREAK
                    Ain't no way, man, security's too tight. The
                    big iron?

                                DADE
                    Maybe. But, if I were gonna hack some heavy
                    metal, I'd, uh, work my way back through some
                    low security, and try the back door.

Motivation

Regardless of anakata's intentions one thing is certain, thanks to him
some people got hooked and started to talk about the security of
mainframes.  Since then, few individuals, and before that even fewer,
did their best sharing their knowledge in the field and contributing to
the infosec and mainframe communities. This however was still not enough
to close the gap between mainframes and the rest of the world.

I'm kicking-off a libre project by sharing the bits and pieces gathered
over the years on the subject.  I want to encourage you to contribute so
we can build together a go to place for everyone who would like to have
fun and learn about mainframe security.

TODO

No ideas what to contribute? We need these (in no particular order), e.g.:

  • More username/password combos from those cracked RACF DBs.
  • Add a high quality content in pentesting methodology with focus on the verified command samples & tools.
  • Samples of a vulnerable code and the list of programming mistakes with focus on REX, COBOL, ASM etc.
  • Add information about tools and techniques on z/OS for compilation, debugging code/apps, SAST/DAST, reversing etc.
  • If not available, create FLOSS tool(s) for exploiting/testing/verifying vulnerabilities/misconfigurations/techniques.
  • Create a VM image (e.g. vagrant) with everything that's required to run a local z/OS instance.

Resources

Contact

Just create a new issue...

About

z/OS - all things security

Resources

Readme
Activity

Stars

78 stars

Watchers

11 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •