Awesome Lists
Top Projects
Most Links
Search
About
Add Project
Awesome-Mainframe-Hacking
GitHub
413
stars
23
watching
66
forks
last commit:
about 2 years ago
↑ IBM zSeries / ↑ Books
Mainframe Basics for Security Professionals_ Getting Started with RACF - Ori Pomerantz, Barbara Vander Weele, Mark E. Nelson, Tim Hahn (2008, IBM Press)
Amazon -
IBM Redbooks - Introduction to the New Mainframe: z/OS Basics
Amazon -
PoCorGTFO#12 - Page 32 - A JCL Adventure with Network Job Entry
PDF -
↑ IBM zSeries / ↑ Tutorials
Emulating a MVS/zOS with Hercules
bigiron - Wiki/Collection of materials related to IBM z/OS security
42
almost 9 years ago
TSO Tutorial
Z/OS Introduction- An IBM Redbooks video course
Multiple Mainframe Security guides from Chicago Classic Computing
Using UNIX System Services to escalate your privileges on z/OS
The crash course to z/OS pentesting
79
over 4 years ago
by
↑ IBM zSeries / ↑ Scripts and Tools
TN3270 Clients - X3270
Multipurpose Nmap Scripts
9,980
8 days ago
↑ IBM zSeries / ↑ Scripts and Tools / Multipurpose Nmap Scripts
tn3270-screen.nse
tso-enum.nse
tso-brute.nse
vtam-enum.nse
lu-enum.nse
cics-enum.nse
cics-info.nse
cics-user-brute.nse
cics-user-enum.nse
↑ IBM zSeries / ↑ Scripts and Tools
TPX Brute - The z/OS TPX logon panel brute forcer
17
over 6 years ago
RACF Database Parser
10
6 months ago
↑ IBM zSeries / ↑ Scripts and Tools / Mainframe Application pentesting (CICS etc.)
CICSPwn
84
almost 4 years ago
BIRP
122
almost 3 years ago
CICSshot - Take screenshots of CICS
6
about 8 years ago
Hacked wc3270 emulator
6
about 8 years ago
↑ IBM zSeries / ↑ Scripts and Tools / zOS Enumeration Scripts
All in one Enumeration of information like VERSION, APF Libraries, SVCs, USERS etc. on Z/OS
62
about 1 month ago
Collection of REXX Scripts by @ayoul3__
25
over 7 years ago
SETRRCVT by @jaytay79
32
over 2 years ago
↑ IBM zSeries / ↑ Scripts and Tools
FTP - JCL commmand execution - Metasploit Modules by @bigendiansmalls
33,868
3 days ago
Metasploit Payloads for z/OS
33,868
3 days ago
NC110-OMVS Netcat for z/OS OMVS
10
over 11 years ago
TShOcker - Mini command interpreter for TSO & UNIX accessible by NetCat
24
almost 6 years ago
zOS Privilege Escalation scripts by ayoul3__
78
about 5 years ago
Note on TESTAUTH command for running a program in elevated state
5
almost 5 years ago
zOSFTPlib - python ftplib-like library specifically for Z/OS
↑ IBM zSeries / ↑ Presentations and Talks
Video - All the talks by Soldier of FORTRAN (@mainframed767)
How to Break into z/OS Systems - Staurt Henderson
How to Break Into z/OS Systems Through USS, TCP/IP, and the Internet
Video - Mainframe [z/OS] Reverse Engineering & Exploit Development by @bigendiansmalls
Video - Security Necromancy : Further Adventures in Mainframe Hacking by Soldier of FORTRAN (@mainframed767) & @bigendiansmalls
Top 10 Security Vulnerabilities in z/OS by John Hillman (Vanguard)
The current state of Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)
Advanced Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)
Defcon 22 From ROOT to SPECIAL - Soldier of FORTRAN (@mainframed767)
Mainframes: What the F$#K is That About? - Soldier of FORTRAN (@mainframed767)
BSidesAustin Mainframes: Everybody has one but nobody knows how to hack them - Soldier of FORTRAN (@mainframed767)
BSidesLV 2013 - Legacy 0-Day How hackers breached the Logica Mainframe - Soldier of FORTRAN (@mainframed767)
Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)
Video - Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)
Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)
Video - Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)
Video - Ransomware on the Mainframe: Checkmate by @bigendiansmalls
Video - Learning Mainframe Hacking: Where the hell did all my free time go? by @bigendiansmalls
Post exploit goodness on a Mainframe SPECIAL is the new root by (@ayoul3__)
Video - Hacking Customer Information Control System (CICS) by Ayoub Elaassal (@ayoul3__)
Video - IBM Networking Attacks-Or The Easiest Way To Own A Mainframe by Martyn Ruks
Video - Cracking Mainframe Passwords by Nigel Pentland
Video - Exploiting the Mainframe - Z/OS integrity 101 by Mark Wilson & Ray Overby
Video - A Gentle Introduction to Hacking Mainframes by Dan Helton
PDF- Talk - Gibson 101 - Quick Introduction to Hacking Mainframes in 2020
Video - Buffer overflow on the mainframe, presented by Jake Labelle
PDF- Talk - How I Found Mainframe Buffer Overflows by Jake Labelle
↑ IBM zSeries / ↑ ACF2 Specific references
CA ACF2 for z/OS - 16.0 Documentation
GIAC - ACF2 Mainframe Security
↑ IBM zSeries / ↑ Labs
Mainframe Hacking - Choose Your own Adventure Game
DVCA - Damn Vulnerable CICS Application
20
7 months ago
DC30 - Mainframe Buffer Overflows Workshop Container
86
7 months ago
↑ IBM zSeries / ↑ Misc
Evil Mainframe Hacking Training/Course
CBT Tape - Collection of Freeware & Open Source distribution of IBM mainframe MVS & OS/360 Environments
z/OS Internet Library by IBM - Collection of manuals,guides & books about z/OS
DoD Security Technical implementation Guides(STIGS) - Search for ACF2, Z/OS, RACF etc.
Default Accounts
79
over 4 years ago
↑ IBM iSeries / ↑ iSeries Books
Hacking iSeries by Shalom Carmel
Amazon -
Mastering IBM i: The Complete Resource for Today's IBM i System by Jim Buck & Jerry Fottral
Amazon -
Experts' Guide to OS/400 & i5/OS Security by Carol Woodbury & Patrick Botz
Amazon -
The IBM AS400 A technical introduction
PDF -
↑ IBM iSeries / ↑ Tutorials and Checklists
AS/400 Security Assessment Mindmap
iSeries Penetration Testing
Security Audit of IBM AS/400 and System i : Part 1
Security Audit of IBM AS/400 and System i : Part 2
Security Assessment of the IBM i (AS 400) System : Part 1
Seclists Mailing list thread on Pentesting AS/400
Resources from Shalom Carmel's talk at BH Europe - 2006
↑ IBM iSeries / ↑ Tools
hack400tool - security handling tools for IBM Power Systems (formerly known as AS/400)
95
over 6 years ago
Hash generator for IBM System i hashes (DES, SHA-1)
AS/400 SHA-1 hash format plugin for John the Ripper
↑ IBM iSeries / ↑ iSeries Presentations and Talks
Hack the Legacy: IBM I aka AS400 Revealed by Bart Kulach
AS/400 for pentesters by Shalom Carmel
AS/400: Lifting the Veil of Obscurity
↑ IBM iSeries / ↑ Miscellaneous
AS400i.com
Hack The Legacy Website