Deconstructing DeFeNeStRaTe.C
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
SHARE Sacramento 2018,
2018
In 2012 a hacker in Cambodia gained unauthorized access to a mainframe in Sweden. This breach has been talked about in depth by this speaker and many others. One little known aspect of the breach was the release of a program on pastebin called 'DeFeNeStRaTe.C'. This program uses a buffer overflow attack against an APF authorized Unix (USS) program: IOELMD10.
In this session we will walk through exactly what the attack does, how it worked, a demo against an APF authorized program in Unix on z/OS and how you can detect and protect APF authorized Unix programs. If you wish to prepare the source code is available here: https://github.com/mainframed/logica/blob/master/DeFeNeStRaTe.C-Philip Young-Security
Back to Proceedings File Library