09-11, 14:55–15:40 (Europe/Stockholm), Main hall
AS/400 - also known as IBM i - has been around since 1988 and is still alive and kicking in many organizations today. In this talk I will recap on known AS/400 hacking techniques and go through a few interesting findings from around 8 security assessments I worked on over the last 10 years that included AS/400 systems. I will cover the network attack surface of an AS/400 system, local privilege escalation and post-exploitation vectors, and demonstrating some novel techniques derived from my own research along the way.
Jonas is a Principal Security Consultant at WithSecure. A pentester turned red teamer. Enjoys coffee, coding, bypassing EDRs, Windows privilege escalation bugs and getting Domain Admin.