• 

  Myths

  dangerous

  “IBM i (formerly known as AS/400) systems are secure by default.”

  dangerous

  “Unlike many other computer systems, IBM i is not susceptible to zero-day vulnerabilities.”

  dangerous

  “No one can penetrate a server in the internal network of the corporation.”

• 

  Facts

  verified

  The security testing of IBM i systems is quite often skipped, or done superficially.

  verified

  Silent Signal has reported more than 10 critical vulnerabilities in IBM i during 2023.

  verified

  Our continuously growing cutting-edge security feed identifies over 300 vulnerabili­ties in 3rd party applications on IBM i.

• 

  Our IBM i security blog posts

  2023.08.22	Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation
  2023.07.03	Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
  2023.03.30	Booby Trapping IBM i
  2023.01.20	Abusing Adopted Authority on IBM i
  2022.09.28	Another Tale of IBM i (AS/400) Hacking
  2022.09.05	Simple IBM i (AS/400) hacking

• 

  Publicly available IBM i vulnerabilities reported by us

  CVE-2023-40686 CVE-2023-40685	IBM i is vulnerable to a local privilege escalation due to flaws in Management Central
  CVE-2023-40378	IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Directory Server for i
  CVE-2023-40377	IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Backup, Recovery & Media Services for i
  CVE-2023-40375	Integrated application server for IBM i is vulnerable to a local privilege escalation
  CVE-2023-30990	IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture
  CVE-2023-30989	IBM Performance Tools for i is vulnerable to local privilege escalation
  CVE-2023-30988	IBM Facsimile Support for i is vulnerable to local privilege escalation

• 

  News articles and videos regarding our IBM i security research

  • news 2023: An IBM i Year in Review
  • news Spooky New Security Vulns Lurking on IBM i
  • news Silent Signal Launches iCompliant to Provide Elevated Security for IBM i System Users
  • news Midsummer Security Indicators: Hot and Gloomy
  • news Serious New IBM i Vulns Exposed by Silent Signal – More On the Way
  • news New “High Priority” DDM Vulnerability Affects IBM i
  • news Silent Signal Discovered a Critical Vulnerability in IBM i System – CVE-2023-30990
  • smart_display IBM Technology UKI Brunch and Learn – What You Can Do With An IP Address
  • news White Hats Completely Dismantle Menu-Based Security
  • news Pen Tester Silent Signal Targets IBM i

Assessment and Remediation

• 

  IBM i training

  Educate your security staff about IBM i, so they can better integrate your most critical assets in your security program

  Deliver knowledge about the latest security best practices to your IBM i teams, so they can get the most of the security features of the platform

  Our IBM i security trainings are the ultimate resource for proactively securing IBM i systems. Led by experienced instructors with extensive knowledge of IBM i penetration testing, security research, and industry best practices, our trainings are designed to help IT professionals of all levels stay ahead of the curve when it comes to securing critical systems and data.

  Our trainings enable security professionals to get up to speed with IBM i and its security features. We introduce the platform through hands-on exercises, and show how exploits are connected to well-known attacker techniques, allowing quick adoption of defensive concepts.

  Learn more about our IBM i security training...

Request a demo, pentest or webinar

• 

  LIVE IBM i HACKING – ON-DEMAND WEBINAR
  Demystifying IBM i System Security

  Why IBM i System needs to be secured, and why wasn’t it an issue in the past 35 years?

  We have proven that breaking into IBM i Systems from a remote location and escalating access rights to a privileged user is possible and can take less than a minute for a malicious actor. We did it. However, we are white hackers and reported more than 11 critical vulnerabilities so far, all vendor-patched with CVEs.

  It’s time to shift your paradigm: enlighten the black hole in your IBM i System – we show you why and how.

  CIOs and CISOs have been challenged by securing their mission-critical data kept in their old-time proven solutions, operating in the heart of their infrastructure, such as the IBM i System. Without the necessary tools, it’s impossible to have visibility in their traditional systems.

  Key takeaways – what you will learn:

  security

  How to get a realistic view on IBM i System Security

  forum

  How to build a bridge between IBM i System admins and sec teams by feeding the prioritized list of actionable insights into an existing security dashboard

  lock	How to reduce the attack surface, break exploits

  folder_copy

  How to always have a Plan B for backup, and have your system up and running within 20 minutes

  Speakers:

  Bálint Varga-Perke, co-founder and IT Security Expert at Silent Signal

  Jack Wilkins, Technical consultant at Chilli IT

• 

  Get in touch

  Name:

  Business e-mail:

  Organization:

  Notes:

  I would like to request

  an iCompliant demo

  
  

  information about IBM i penetration testing services

  
  

  access to the live IBM i hacking on-demand webinar

  
  

  I agree to receive further communication from Silent Signal on IBM i System Security.

  
  

  I have read and and agree to the privacy policy.

  
  
  Submit