PinPadPwn
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the vulnerabilities of pin pads and payment terminals in this 57-minute conference talk from the 44CON Information Security Conference. Delve into the complexities of Chip and Pin technology, EMV protocols, and the expanding attack surface of payment devices. Learn about memory corruption vulnerabilities and their potential for code execution on terminals. Examine case studies, witness demonstrations of exploits, and understand the implications for payment security. Gain insights into vendor fixes, device administration, and future security considerations for payment systems.
Syllabus
Intro
Rafael
Payment terminals
Previous attacks
Attack Surface
Research Approach
Common setups
Payment ecosystem
Chippin payments
Chipandpin payments
Smart cards
EMV Lab Doc
First Attempt
Smart Card
Case Studies
Payment Terminal
Network Interface
Memory Dump
Password Check
EMV Buffer Overflow
Demo
Demo Summary
Vendor Fix
Device Overview
Payment Application
Remote Administration
Demonstration
Payment
CashInHide
Future Work
More Updates
Conclusion
Security
Security questions
Taught by
44CON Information Security Conference
Related Courses
Citrix Virtual Apps and Desktops (CVAD): Explore Advanced ManagementPluralsight Windows Server 2016: Active Directory Certificate Services
LinkedIn Learning Hardware Authentication Tokens - Nate Graff
White Hat Cal Poly via YouTube Authz is the New Authn - Trust Elevation with UMA and OpenID Connect
LASCON via YouTube From Workstation to Domain Admin - Why Secure Administration Isn't Secure and How to Fix It
WEareTROOPERS via YouTube