Internal Exploit Testing
As discussed previously, Penetration Testing is the process of exploiting selected vulnerabilities in order to demonstrate weaknesses in the security environment. It is a multilayered, multi-phase process and can be approached from both external and internal perspectives.
Internal Exploit Testing is direct testing on the mainframe environment. It is based on the assumption that access to the mainframe environment has been obtained with normal user privileges; in other words, a typical user has been compromised, either through acquired credentials or through session hijacking.
This phase is conducted using the standard TSO User IDs supplied by the organization. During this phase we will probe the system and determine whether it is possible to elevate privileges to gain access to resources and/or data. We will attempt to identify whether one may hijack other users' connections, monitor their activities, use their identities and execute transactions under the name of a third-party user.
The areas covered will include some (if not all) of the following:
- APF-Authorised Library checks
- Execution of controlled modules
- RACF-Authorised Caller table
- Password Checks
- Public Dataset Checks
- Public Resource Checks
- User SVC Checks
- Integrity APAR Checks
- MVS & JES/2 Command Authority Checks
- RACF Exit Checks
- JES/2 Spool Dataset Checks
- MVS Subsystem Checks (IMS, DB/2, CICS, NETView, etc.)
- Miscellaneous Checks
*Prices exclude potential travel or lodging costs.