The worlds first
Mainframe Penetration Testing Class
Tell Me More

The Class

This first of its kind mainframe hacking class teaches you the techniques you need to conduct mainframe penetration tests. Using a live z/OS mainframe you'll get the ability to put the classroom teachings in to practice. THough this class is outlined as a beginner class to mainframe hacking, attendees should have knowledge of IT security, penetration testing and very basic Python.


This class walks through techniques for gaining system access, performing end-to-end penetration tests, and teaching you to ‘own’ the mainframe. Students are given access to a mainframe environment for the duration of the course where they will learn to navigate the operating system, some of the misconfiguration targets and privilege escalation techniques. Goals for each segment will be laid out with appropriate time afforded to students to allow them the ability to gain a deep understanding of how a mainframe pentest could and should be performed.

Hands On

Over 15 hands on mainframe labs will make sure you get the time you need to put what you're learning in class in to practice. The areas explored in this course include VTAM, CICS, TSO, Unix and Web. Students will get introduced to the open source tools and libraries available for all the steps of a penetration test including Nmap, python, kali, and metasploit as well as being able to write their own tools on the mainframe using REXX, JCL, C and CLISTs.


Take your mainframe hacking skills to the test as you get to compete in a mainframe CTF competition with your classmates. Everything you learn in class will be called upon as you try and solve over 20 challenges ranging from easy (What is OMVS) to very hard. You'll need to have been paying attention if you plan to win a prize.

Upcoming Classes

We teach multiple times a year. Watch this space for upcoming classes.

BlackHat Asia

BlackHat Asia

March 26th, 2019

Frankfurt, Germany


May 6, 2019



May 14th, 2019

Arlington, VA USA


June 10, 2019

Brussels, Belgium


July, 2019

zdevops Almere
Buy Tickets


November 19, 2019

Previous Years

Breukelen, Netherlands

Van Der Walk Hotel Bruekelen

February 2nd, 2018

Charlotte ISSA

Charlotte, NC

May 9th, 2018

Sydney, Australia

EY Center

June 12, 2018

Milwaukee, Wisconsin

Milwaukee, WI

September 12th, 2018



October 3rd, 2018

Private Corporate Event

Singapore, SG

October, 2018

Private Corporate Event

London, England

November, 2018

Private Corporate Event


December, 2018

BlackHat Europe

London, England

December 3rd, 2018


Here's what we cover in this class.

  • Day 1 - Morning

    Intro to the OS

    We start with a simple introduction to the operating system including its history, how to navigate around, patching, accessing memory and system boot. We also cover CICS and how its used in a typical enterprise.

    Labs: Creating folders, copy/paste files. Access memory with REXX. Accessing CICS and a real CICS transaction.

  • Day 1 - Afternoon

    Security, JCL and Shells

    After lunch we cover how security is managed on a mainframe, then we dive deep in to how to write JCL followed by REXX, C and HLASM. We then take a tour of the TN3270 protocol ending the day.

    Labs: RACF commands and SURROGAT. REXX and C shell with JCL. TN3270 scripting and attacks.

  • Day 2 - Morning

    How to do a Pentest

    In Day 2 we cover the steps of a pentest. Before lunch cover the areas of reconnaissance, how to get a shell/interact with the mainframe, and enumeration once you're on the mainframe.

    Labs: Nmap. FTP and JCL. REXX Enumeration.

  • Day 2 - Afternoon

    Owning the Mainframe

    We wrap up the training with offline password cracking and some of the many ways to do privilege escalation on a mainframe.

    Labs: Crack passwords. Privilege escalation with REXX and APF.

  • Capture

Our Instructors

Our two instructors have spent years developing mainframe hacking skills. Together they've spoken at more than 20 events world wide about mainframe hacking, including RSA, BlackHat, DEFCON and they've both keynoted SHARE. They bring years of experience at the crossroads of mainframes and hacking.

Phil Young

Soldier of FORTRAN

Chad Rikansrud

Big Endian Smalls