Hacking POS Systems

Offered By: NorthSec via YouTube

Course Description

Overview

Explore the world of Point of Sale (PoS) system hacking in this 38-minute conference talk from NorthSec. Dive into the methods attackers use to exploit technical and policy vulnerabilities in credit card fraud schemes. Learn about physical security approaches, kiosk breakouts, and sensitive data extraction techniques. Gain insights from real-life examples, including critical vulnerabilities in Oracle's hotel management platform. Discover topics such as PCI-DSS vs PA-DSS, administrative start-up scripts, accessibility keyboard shortcuts, Microsoft Office macros, and privilege escalation. Examine the risks associated with barcode scanners, magstripe readers, and two-tier architecture. Understand the implications of exposed session logs, database credentials, and remote code execution in Oracle OPERA. Conclude with valuable takeaways to enhance your understanding of PoS system security.

Syllabus

Intro
PCI-DSS vs PA-DSS
Physical Access
Kiosk Breakouts: Administrative Start-up Script
Kiosk Breakouts: Accessibility Keyboard Shortcuts
Kiosk Breakouts: Microsoft Office Macros
Kiosk Breakouts: Context Menu via Internet Explorer
Kiosk Breakouts: Notepad++ Run Prompt
Keyboards with Media Keys
Barcode Scanners as Keyboards
Privilege Escalation
Remarks on Scoping
Getting the Goods
MagStripe Reader "Malware"
MagStripe Reader: Authentication Weakness
Two-tier Architecture and Direct Database Access
Oracle OPERA: Disclosed Vulnerabilities
Oracle OPERA: Exposed Session Logs (#1)
Oracle OPERA: Exposed Database Creds (#2)
Oracle OPERA: Remote Code Execution (#3)
Oracle OPERA: Extracting Sensitive Data
Arbitrary Refunds with URI Schemes
Takeaways
Taught by

NorthSec
