20521: Mainframe Blackbox Network Pentesting: From Zero Access to Complete Compromise
Project and Program:
Service Delivery,
Security and Compliance,
CICS Enterprise Architecture Network Security & Management Open Source
Tags:
Proceedings,
SHARE DC 2025,
2025
Unlike the distributed world where microservices run in containers on multiple
different hosts, in the mainframe world everything is typically run from only a
handful of LPARs. As a result, mainframes have a much larger network footprint
directly correlating to their threat landscape. This talk will walk through
network service enumeration, demonstrating a typical z/OS blackbox network
pentest and how easy it is for attackers to go from zero access to complete LPAR
compromise. Using a variety of examples, attendees will gain a better
understanding of the risk of exposed network services. While most presentations
on this topic focus on TCP/IP, this talk will also demonstrate how to take
advantage of SNA network configurations which allows attackers to tunnel deeper
into your environment. Live demonstrations of our attack techniques will be
shown using open source and freely available tooling, allowing you to conduct
this testing yourself.
Back to Proceedings File Library