BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//orangecon-2026//speaker//KAEYYZ BEGIN:VEVENT UID:pretalx-orangecon-2026-S9DBTD@pretalx.com DTSTART:20260604T130500Z DTEND:20260604T133500Z DESCRIPTION:Before the web. Before TCP/IP. Before "cloud." Some of the most powerful computers in the world were already running production workloads .\nIBM mainframes didn't grow up in the browser era. System/360 (1964)\, M VS (1974)\, and today's z/OS (2000) were built for batch jobs\, green-scre en terminals\, and a world where the internet simply didn't exist. Yet the se systems still quietly process the majority of global financial transact ions\, airline bookings\, and government records.\n\nThis talk is a guided tour of what happens when modern red teamers bring cloud-era assumptions into a system that predates the web. We'll break down how mainframes actua lly organize authority across five control planes (VTAM\, TSO\, RACF\, JES \, and CICS) and show exactly where those assumptions break. No shell mode l. No process tree. No EDR. The attack surface looks nothing like what you r tooling expects.\n\nWe'll walk real techniques: TN3270 user enumeration\ , STEPLIB hijacking as a supply chain analog\, JCL injection for deferred privileged execution\, RACF misconfiguration paths\, and how Network Job E ntry misconfigurations can enable remote job submission without meaningful authentication. The mainframe equivalent of an open relay. These aren't t heoretical. They come from real assessments against production environment s.\n\nWe'll also introduce BigIron.ai\, an open-source\, fully offline AI- assisted assessment platform for z/OS and MVS environments. It runs a loca l LLM against live TN3270 sessions\, interprets control-plane context in r eal time\, guides structured walkthroughs\, and generates findings. No clo ud\, no API keys\, no data leaves the machine. We'll demo it live.\n\nNo m ainframe background required. Just clear mental models\, real terminal out put\, and a framework you can use the next time a mainframe shows up in sc ope.\n\nThink of it as critical infrastructure security for a system your threat model forgot. DTSTAMP:20260525T192624Z LOCATION:Track 1 SUMMARY:Hacking Big Iron With AI: Attacking Mainframe Operating Systems Bey ond Modern Assumptions - Adam Toscher URL:https://pretalx.com/orangecon-2026/talk/S9DBTD/ END:VEVENT END:VCALENDAR