52586: Attacking OMVS: Yet Another Mainframe Vulnerability Source
Project and Program: z/OS Systems Programming, Service Delivery, Security and Compliance
Tags: Proceedings, SHARE DC 2025, 2025
You may have heard tales of mainframe pentesting and exploitation before -
mostly from us! Those stories often focused on the MVS/ISPF side of the
platform. But did you know that all those same tricks (and more!) can be pulled
off in z/OS UNIX System Services (OMVS) as well? The cyber threat landscape
presents multiple unique attack paths when it comes to Unix on the mainframe. In
this talk, we'll present live demos of real-world scenarios we've encountered
during mainframe penetration tests. These examples will showcase what can happen
with poor file hygiene leading to database compromises, inadequate file
permissions enabling privilege escalation, lack of ESM resource understanding
allowing for privileged command execution, and how dataset protection won't save
you from these attacks. Attendees will learn how to test these controls
themselves using freely available open-source tools. We'll demonstrate how to
infiltrate and exfiltrate tools and data, the various methods an advanced threat
actor could use for privilege escalation, and how to (partially) detect these
attacks. By the end, it will be clear that simply granting access to Unix can be
just as dangerous, if not more so, than giving access to TSO on the mainframe.