Hacking POS Systems
Offered By: NorthSec via YouTube
Course Description
Overview
Syllabus
Intro
PCI-DSS vs PA-DSS
Physical Access
Kiosk Breakouts: Administrative Start-up Script
Kiosk Breakouts: Accessibility Keyboard Shortcuts
Kiosk Breakouts: Microsoft Office Macros
Kiosk Breakouts: Context Menu via Internet Explorer
Kiosk Breakouts: Notepad++ Run Prompt
Keyboards with Media Keys
Barcode Scanners as Keyboards
Privilege Escalation
Remarks on Scoping
Getting the Goods
MagStripe Reader "Malware"
MagStripe Reader: Authentication Weakness
Two-tier Architecture and Direct Database Access
Oracle OPERA: Disclosed Vulnerabilities
Oracle OPERA: Exposed Session Logs (#1)
Oracle OPERA: Exposed Database Creds (#2)
Oracle OPERA: Remote Code Execution (#3)
Oracle OPERA: Extracting Sensitive Data
Arbitrary Refunds with URI Schemes
Takeaways
Taught by
NorthSec
Related Courses
I Am Become Loadbalancer, Owner of Your NetworkNorthSec via YouTube The Risks of RDP and How to Mitigate Them
NorthSec via YouTube Authentication Challenges in SaaS Integration and Cloud Transformation
NorthSec via YouTube Building CANtact Pro - An Open Source CAN Bus Tool
NorthSec via YouTube Unmasking the Chameleons of the Criminal Underground
NorthSec via YouTube