YoVDO

Hacking POS Systems

Offered By: NorthSec via YouTube

Tags

NorthSec Courses, Cybersecurity Courses, Data Extraction Courses, Privilege Escalation Courses, Point of Sale Systems Courses

Course Description

Overview

Explore Point of Sale (PoS) system hacking in this 38-minute NorthSec conference talk. It walks through the methods attackers use to turn technical and policy weaknesses in PoS deployments into credit card fraud: physical access to terminals, breaking out of locked-down kiosk interfaces, escalating privileges, and extracting cardholder and other sensitive data. The talk first contrasts PCI-DSS with PA-DSS, then demonstrates kiosk breakouts through administrative start-up scripts, accessibility keyboard shortcuts, Microsoft Office macros, the Internet Explorer context menu and the Notepad++ run prompt, and shows how keyboards with media keys and barcode scanners that present themselves as keyboards widen the attack surface. It covers magstripe reader "malware" and an authentication weakness in magstripe readers, the exposure created by two-tier architectures in which the client talks directly to the database, and real-life findings in Oracle's hotel management platform, Oracle OPERA: exposed session logs, exposed database credentials, remote code execution and extraction of sensitive data. It also shows arbitrary refunds triggered through URI schemes, and closes with takeaways for securing PoS environments.

Syllabus

Intro
PCI-DSS vs PA-DSS
Physical Access
Kiosk Breakouts: Administrative Start-up Script
Kiosk Breakouts: Accessibility Keyboard Shortcuts
Kiosk Breakouts: Microsoft Office Macros
Kiosk Breakouts: Context Menu via Internet Explorer
Kiosk Breakouts: Notepad++ Run Prompt
Keyboards with Media Keys
Barcode Scanners as Keyboards
Privilege Escalation
Remarks on Scoping
Getting the Goods
MagStripe Reader "Malware"
MagStripe Reader: Authentication Weakness
Two-tier Architecture and Direct Database Access
Oracle OPERA: Disclosed Vulnerabilities
Oracle OPERA: Exposed Session Logs (#1)
Oracle OPERA: Exposed Database Creds (#2)
Oracle OPERA: Remote Code Execution (#3)
Oracle OPERA: Extracting Sensitive Data
Arbitrary Refunds with URI Schemes
Takeaways
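The "Barcode Scanners as Keyboards" item above refers to a well-known property of most USB scanners: they enumerate as HID keyboards and simply type whatever the label encodes into the focused window, terminator included, and symbologies such as Code 128 can carry ASCII control characters. The following is an added example written for this listing, not code from the talk or from NorthSec: it models the key events a keyboard-wedge scanner would emit for a label, flags the control keys a crafted label would inject, and shows the application-side check (exactly one GTIN with a valid GS1 check digit, no control characters) that a PoS application should apply before acting on a scan. The control-character-to-key mapping and the sample labels are constructed assumptions, not taken from any vendor manual.

```python
import re
from typing import List, Optional

# Constructed model of how a keyboard-wedge scanner renders ASCII control
# characters as key events. Real scanners differ and are configurable;
# this mapping is an assumption for the example, not a vendor specification.
CONTROL_TO_KEY = {
    0x08: "BACKSPACE",
    0x09: "TAB",
    0x0A: "ENTER",
    0x0D: "ENTER",
    0x1B: "ESC",
}


def wedge_keystrokes(payload: bytes, suffix: bytes = b"\r") -> List[str]:
    """Model the key events a HID (keyboard-wedge) scanner emits for one label.

    Scanners usually append a terminator (ENTER by default here) after the
    data, which is what lets a scan submit a dialog or run prompt with no
    hand on the keyboard.
    """
    keys: List[str] = []
    for b in payload + suffix:          # iterating bytes yields ints
        if b in CONTROL_TO_KEY:
            keys.append(CONTROL_TO_KEY[b])
        elif 0x20 <= b < 0x7F:
            keys.append(chr(b))
        else:
            keys.append(f"<0x{b:02X}>")  # non-printable byte, shown escaped
    return keys


def control_keys_in(payload: bytes) -> List[str]:
    """Detection helper: the non-printable key events a label would type.

    A product label should produce none; anything here is a sign the
    label was crafted to drive the UI rather than identify a product.
    """
    return [k for k in wedge_keystrokes(payload, suffix=b"") if len(k) > 1]


def gtin_check_digit_ok(code: str) -> bool:
    """Verify the GS1 check digit of a GTIN-8/12/13/14.

    Weights alternate 3,1,3,1,... starting from the digit immediately left
    of the check digit; the check digit brings the weighted sum to 0 mod 10.
    """
    if not code.isdigit() or len(code) not in (8, 12, 13, 14):
        return False
    body, check = code[:-1], int(code[-1])
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(body)))
    return (10 - total % 10) % 10 == check


def validate_scan(raw: str) -> Optional[str]:
    """Application-side check on the content of a completed scan.

    Returns the product code only if the field holds exactly one GTIN with
    a valid check digit. Control characters, extra text or anything else
    that belongs in another field is rejected rather than acted on.
    """
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return None
    if not re.fullmatch(r"[0-9]{8,14}", raw):
        return None
    if not gtin_check_digit_ok(raw):
        return None
    return raw


if __name__ == "__main__":
    # Constructed label: the product code is only bait; the control
    # characters around it are what the kiosk's focused window receives.
    crafted = b"\x1b\t\t4006381333931\r"
    print("typed:", wedge_keystrokes(crafted))
    print("control keys:", control_keys_in(crafted))
    print("clean scan:", validate_scan("4006381333931"))
    print("crafted scan:", validate_scan("\t4006381333931"))
```

The check above only protects the application's own fields; key events such as ESC or TAB are handled by the operating system and the focused window before the application sees any text, so the scanner itself should also be configured not to transmit control characters (or be attached in serial/OPOS mode rather than as a keyboard), and the kiosk should never expose a window where typed text can reach a run prompt or shell.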
Taught by

NorthSec
