samanL33T/Awesome-Mainframe-Hacking
GitHub: samanL33T/Awesome-Mainframe-Hacking
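A curated collection of resources focused on penetration testing and security research for IBM mainframes (zSeries and iSeries), helping security practitioners systematically learn mainframe attack and defense techniques.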
Stars: 485 | Forks: 73
# Awesome Mainframe Hacking Resources
  
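Awesome list of mainframe hacking/pentesting resources.
This list gathers resources available on the internet for learning about mainframe penetration testing and security.
Special thanks to [@mainframed767](https://twitter.com/mainframed767), [@bigendiansmalls](https://twitter.com/bigendiansmalls), [@ayoul3__](https://twitter.com/ayoul3__) and many other researchers for all the work they have done in this field.
[Contributions](contributing.md) are welcome!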
# Table of Contents
* [IBM zSeries](#-IBM-zSeries)
  * [Books](#-Books)
  * [Tutorials](#-Tutorials)
  * [Scripts and Tools](#-Scripts-and-Tools)
  * [Presentations and Talks](#-Presentations-and-Talks)
  * [ACF2 Specific References](#-ACF2-Specific-references)
  * [Vulnerable Environments/Labs](#-labs)
  * [Misc](#-misc)
* [IBM iSeries](#-IBM-iSeries)
  * [iSeries Books](#-iSeries-Books)
  * [Tutorials and Checklists](#-Tutorials-and-Checklists)
  * [Tools](#-Tools)
  * [iSeries Presentations and Talks](#-iSeries-Presentations-and-Talks)
  * [Miscellaneous](#-miscellaneous)
# [↑](#table-of-contents) IBM zSeries
## [↑](#table-of-contents) Books
* Amazon - [Mainframe Basics for Security Professionals: Getting Started with RACF - Ori Pomerantz, Barbara Vander Weele, Mark E. Nelson, Tim Hahn (2008, IBM Press)](https://www.amazon.com/Mainframe-Basics-Security-Professionals-paperback/dp/0133763048)
* Amazon - [IBM Redbooks - Introduction to the New Mainframe: z/OS Basics](https://www.amazon.com/Introduction-New-Mainframe-OS-Basics/dp/0738435341)
* PDF - [PoCorGTFO#12 - Page 32 - A JCL Adventure with Network Job Entry](https://www.exploit-db.com/download/40624)
## [↑](#table-of-contents) Tutorials
* [Emulating MVS/zOS with Hercules](https://famicoman.com/2018/06/28/emulating-a-z-os-mainframe-with-hercules/)
* [bigiron - IBM z/OS security-related wiki/collection of materials](https://github.com/v-p-b/bigiron)
* [TSO Tutorial](http://www.jaymoseley.com/hercules/tso_tutor/tsotutor.htm)
* [Introduction to Z/OS - IBM Redbooks video course](https://www.redbooks.ibm.com/redbooks.nsf/redbookabstracts/crse0304.html?Open)
* [Multiple mainframe security guides from Chicago Classic Computing](http://chiclassiccomp.org/docs/content/computing/IBM/Mainframe/MainframeSecurity/)
* [Elevating your privileges on z/OS using UNIX System Services](https://www.bigendiansmalls.com/all-aboard-the-uss-exploits/)
* [z/OS pentesting crash course](https://github.com/hacksomeheavymetal/zOS/blob/master/pentesting.md) by [@hacksomeheavymetal](https://github.com/hacksomeheavymetal)
## [↑](#table-of-contents) Scripts and Tools
* [TN3270 Client - X3270](http://x3270.bgp.nu/)
* [Multiple Nmap Scripts](https://github.com/nmap/nmap/tree/master/scripts)
  * [tn3270-screen.nse](https://nmap.org/nsedoc/scripts/tn3270-screen.html)
  * [tso-enum.nse](https://nmap.org/nsedoc/scripts/tso-enum.html)
  * [tso-brute.nse](https://nmap.org/nsedoc/scripts/tso-brute.html)
  * [vtam-enum.nse](https://nmap.org/nsedoc/scripts/vtam-enum.html)
  * [lu-enum.nse](https://nmap.org/nsedoc/scripts/lu-enum.html)
  * [cics-enum.nse](https://nmap.org/nsedoc/scripts/cics-enum.html)
  * [cics-info.nse](https://nmap.org/nsedoc/scripts/cics-info.html)
  * [cics-user-brute.nse](https://nmap.org/nsedoc/scripts/cics-user-brute.html)
  * [cics-user-enum.nse](https://nmap.org/nsedoc/scripts/cics-user-enum.html)
* [TPX Brute - z/OS TPX logon panel brute forcer](https://github.com/quentinhardy/TPX-Brute)
* [RACF Database Parser](https://github.com/bigendiansmalls/racfdbparse)
* Mainframe application pentesting (CICS etc.)
  * [CICSPwn](https://github.com/ayoul3/cicspwn)
  * [BIRP](https://github.com/sensepost/birp)
  * [CICSshot - Takes screenshots of CICS](https://github.com/ayoul3/cicsshot)
  * [Hacked wc3270 emulator](https://github.com/ayoul3/wc3270_hacked)
* zOS Enumeration Scripts
  * [Multiple enumeration of things like VERSION, APF Libraries, SVCs, USERS, etc. on Z/OS](https://github.com/mainframed/Enumeration)
  * [REXX scripts collection by @ayoul3__](https://github.com/ayoul3/Rexx_scripts)
  * [SETRRCVT by @jaytay79](https://github.com/jaytay79/zos/blob/master/SETRRCVT.rexx)
* [FTP - JCL Command Execution - Metasploit module by @bigendiansmalls](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/mainframe/ftp/ftp_jcl_creds.md)
* [Metasploit Payloads for z/OS](https://github.com/rapid7/metasploit-framework/tree/12198a088132f047e0a86724bc5ebba92a73ac66/modules/payloads/singles/cmd/mainframe)
* [NC110-OMVS - Netcat for z/OS OMVS](https://github.com/mainframed/NC110-OMVS)
* [TShOcker - Mini TSO and UNIX command interpreter accessible via NetCat](https://github.com/mainframed/TShOcker)
* [zOS privilege escalation scripts by ayoul3__](https://github.com/ayoul3/Privesc)
* [Notes on using the TESTAUTH command to run programs in an elevated-privilege state](https://github.com/zBit31/testauth)
* [zOSFTPlib - A python ftplib-like library designed for Z/OS](https://pypi.org/project/zosftplib/)
## [↑](#table-of-contents) Presentations and Talks
* [Video - All talks by Soldier of FORTRAN (@mainframed767)](https://www.youtube.com/playlist?list=PLBVy6TfEpKmEL56fb5AnZCM8pXXFfJS0n)
* [How to Break Into z/OS Systems - Stuart Henderson](http://www.stuhenderson.com/XBRKZTXT.PDF)
* [How to Break Into z/OS Systems via USS, TCP/IP, and the Internet](http://www.stuhenderson.com/STUuss01.pdf)
* [Video - Mainframe [z/OS] Reverse Engineering and Exploit Development by @bigendiansmalls](https://www.bigendiansmalls.com/files/us-18-Rikansrud-Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development_Publish.mp4)
* [Video - Security Necromancy: Further Adventures in Mainframe Hacking by Soldier of FORTRAN (@mainframed767) & @bigendiansmalls](https://www.youtube.com/watch?v=LgmqiugpVyU)
* [Top Ten z/OS Security Vulnerabilities by John Hillman (Vanguard)](https://chapters.theiia.org/fort-worth/ChapterDocuments/zOS%20Security%20Audit%20Top%20Ten%20-%20ISACA.pdf)
* [The Current State of Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)](https://www.slideshare.net/PhilipYoung14/philip-young-current-state-of-mainframe-hacking-vanguard-101016)
* [Advanced Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)](https://www.slideshare.net/PhilipYoung14/advanced-mainframe-hacking)
* [Defcon 22 From ROOT to SPECIAL - Soldier of FORTRAN (@mainframed767)](https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20presentations/DEF%20CON%2022%20-%20Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes.pdf)
* [Mainframes: What the fuck is that about? - Soldier of FORTRAN (@mainframed767)](https://www.dropbox.com/s/zl7suai6g1558yl/April%202013%20-%20ThotCon%202013%20-%20Mainframes-%20What%20the%20fuck%20is%20that%20about-.pdf)
* [BSidesAustin Mainframes: Everyone's got one, no one knows how to hack them - Soldier of FORTRAN (@mainframed767)](https://www.dropbox.com/s/8vdrhepojde9wah/March%202013%20-%20BSidesAustin%20-%20Mainframes-%20Everyones%20got%20one%2C%20no%20one%20knows%20how%20to%20hack%20them.pdf)
* [BSidesLV 2013 - Legacy 0-Day: How Hackers Breached the Logica Mainframe - Soldier of FORTRAN (@mainframed767)](https://www.dropbox.com/s/w8c9e4yfsmx56tw/BSidesLV%202013%20-%20Logica%20Breach%20.pdf)
* [Gaps in Your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)](https://www.slideshare.net/PhilipYoung14/ca-world-mft1755-gaps-in-your-defense-hacking-the-mainframe-philip-young)
* [Video - Gaps in Your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)](https://www.youtube.com/watch?v=1G5Q2sduexs)
* [Hacking Mainframes; Vulnerabilities in Applications Exposed over TN3270 by Dominic White (Sensepost)](https://www.slideshare.net/sensepost/vulnerabilities-in-tn3270-based-application)
* [Video - Hacking Mainframes; Vulnerabilities in Applications Exposed over TN3270 by Dominic White (Sensepost)](http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white)
* [Video - Ransomware on the Mainframe: Checkmate! by @bigendiansmalls](https://www.youtube.com/watch?v=i-DbTy3bEj8)
* [Video - Learning Mainframe Hacking: Where the hell did all my free time go? by @bigendiansmalls](http://www.irongeek.com/i.php?page=videos/derbycon5/stable31-learning-mainframe-hacking-where-the-hell-did-all-my-free-time-go-chad-rikansrud)
* [Post-exploit goodness on a Mainframe: SPECIAL is the new root by (@ayoul3__)](https://cansecwest.com/slides/2018/Post%20exploit%20goodness%20on%20a%20Mainframe%20SPECIAL%20is%20the%20new%20root%20-%20Ayoub%20Elaassal,%20PwC%20France.pdf)
* [Video - Hacking the Customer Information Control System (CICS) by Ayoub Elaassal (@ayoul3__)](https://www.youtube.com/watch?v=KnY0Gg_WSLU)
* [Video - IBM Networking Attacks - Or the Easiest Way to Own a Mainframe by Martyn Ruks](https://www.youtube.com/watch?v=r9hOiXtrumM)
* [Video - Cracking Mainframe Passwords by Nigel Pentland](https://www.youtube.com/watch?v=scVojIRxv-M)
* [Video - Exploiting Mainframes - Z/OS Integrity 101 by Mark Wilson & Ray Overby](https://www.youtube.com/watch?v=7UVrF8skbHU)
* [Video - A Gentle Introduction to Mainframe Hacking by Dan Helton](https://www.youtube.com/watch?v=ZfUBv2Ac29Q)
* [PDF - Talk - Gibson 101 - Quick Introduction to Hacking Mainframes in 2020](https://null.co.in/event_sessions/2993-gibson-101-quick-introduction-to-hacking-mainframes-in-2020)
* [Video - Buffer Overflows on the Mainframe, talk by Jake Labelle](https://www.youtube.com/watch?v=q8mFhDmBEIc)
* [PDF - Talk - How I Found Mainframe Buffer Overflows, talk by Jake Labelle](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Jake%20Labelle%20-%20Doing%20the%20Impossible%20How%20I%20Found%20Mainframe%20Buffer%20Overflows.pdf)
* [Video - Choose Your Own Adventure by Soldier of FORTRAN (@mainframed767)](https://www.youtube.com/watch?v=Loy9TpFg0bk)
## [↑](#table-of-contents) ACF2 Specific References
* [CA ACF2 for z/OS - 16.0 documentation](https://docops.ca.com/ca-acf2-for-z-os/16-0/en)
* [GIAC - ACF2 Mainframe Security](https://www.giac.org/paper/gsec/2812/acf2-mainframe-security/104768)
## [↑](#table-of-contents) Labs
* [Mainframe Hacking - Choose Your Own Adventure game](https://archive.org/details/MainframeHackingCYOA)
* [DVCA - Damn Vulnerable CICS Application](https://github.com/mainframed/DVCA)
* [DC30 - Mainframe Buffer Overflow Workshop container](https://github.com/mainframed/DC30_Workshop)
## [↑](#table-of-contents) Misc
* [Evil Mainframe hacking training/course](https://evilmainframe.com/)
* [CBT Tape - Collection of free and open-source software distributions for the IBM mainframe MVS and OS/360 environments](http://www.cbttape.org/)
* [z/OS Internet Library by IBM - Collection of z/OS manuals, guides, and books](https://www-01.ibm.com/servers/resourcelink/svc00100.nsf/pages/zosInternetLibrary)
* [DoD Security Technical Implementation Guides (STIGs) - search for ACF2, Z/OS, RACF, etc.](https://public.cyber.mil/stigs/downloads/)
* [Default accounts](https://github.com/hacksomeheavymetal/zOS/blob/master/default_accounts.txt)
# [↑](#table-of-contents) IBM iSeries
## [↑](#table-of-contents) iSeries Books
* Amazon - [Hacking iSeries by Shalom Carmel](https://www.amazon.com/Hacking-iSeries-Shalom-Carmel/dp/1419625012)
* Amazon - [Mastering IBM i: The Complete Resource for Today's IBM i System by Jim Buck & Jerry Fottral](https://www.amazon.com/Mastering-IBM-Complete-Resource-Todays/dp/1583473564)
* Amazon - [Experts' Guide to OS/400 & i5/OS Security by Carol Woodbury & Patrick Botz](https://www.amazon.com/gp/offer-listing/158304096X)
* PDF - [IBM AS400 Technical Introduction](https://www.ibm.com/developerworks/community/files/basic/anonymous/api/library/7cd1e29f-0699-4929-a741-516ce47295a8/document/745425bf-c00a-4a8d-bd8f-1f8e14ef9e65/media)
## [↑](#table-of-contents) Tutorials and Checklists
* [AS/400 security assessment mind map](http://www.toolswatch.org/wp-content/uploads/2013/02/AS400.jpg)
* [Simple IBM i (AS/400) hacking](https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/)
* [Security Audit of IBM AS/400 and System i: Part 1](https://blog.securitybrigade.com/security-audit-of-ibm-as-400-system-i-part-1/)
* [Security Audit of IBM AS/400 and System i: Part 2](https://blog.securitybrigade.com/security-audit-ibm-as-400-system-i-2/)
* [Security Assessment of the IBM i (AS 400) System: Part 1](https://iisecurity.in/blog/security-assessment-ibm-400-system-part-1/)
* [Mailing list thread on AS/400 pentesting on Seclists](https://seclists.org/pen-test/2000/Dec/205)
* [Resources from Shalom Carmel's BH Europe 2006 talk](http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Carmel/bh-eu-06-carmel-resources.zip)
## [↑](#table-of-contents) Tools
* [hack400tool - Security handling tools for IBM Power Systems (formerly known as AS/400)](https://github.com/hackthelegacy/hack400tool)
* [Hash generator for IBM System i hashes (DES, SHA-1)](http://hackthelegacy.org/index.php?p=/discussion/10/hash-generator-for-ibm-system-i-hashes-des-sha-1-updated)
* [AS/400 SHA-1 hash format plugin for John the Ripper](http://hackthelegacy.org/index.php?p=/discussion/9/our-as-400-sha-1-hash-format-plugin-for-john-the-ripper-now-included-in-the-bleeding-jumbo-build)
## [↑](#table-of-contents) iSeries Presentations and Talks
* [Hack the Legacy: IBM i aka AS400 Revealed by Bart Kulach](https://www.youtube.com/watch?v=JsqUZ3xGdLc)
* [AS/400 for Pentesters by Shalom Carmel](https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Carmel/bh-eu-06-Carmel.pdf)
* [AS/400: Lifting the Veil of Mystery](https://www.youtube.com/watch?v=MWcifBsA8BI)
## [↑](#table-of-contents) Miscellaneous
* [AS400i.com](http://as400i.com/)
* [Hack The Legacy website](http://hackthelegacy.org/)