Overview
Explore the intricate world of point-of-sale (POS) malware in this comprehensive conference talk from OWASP AppSec California 2015. Delve into the architecture of POS systems, credit card processing, and the sophisticated techniques employed by attackers to steal sensitive financial data. Gain insights into magnetic stripe track data formats, credit card reader technology, and POS hardware and software integration. Examine various malware attack techniques, including RAM scraping, process hooking, and keyboard hooks. Witness live demonstrations of a proof-of-concept RAM scraping malware and a simulated POS system compromise. Learn about critical concepts such as the Luhn algorithm and command and control techniques. Discover mitigation strategies and participate in a Q&A session to enhance your understanding of this critical cybersecurity topic.
Syllabus
Introduction
2014 Verizon Data Breach Report
Credit Cards
POS Components
POS Software
Magnetic Stripe: Track
Major Transition Types
Data Encryption
Attack Scenario
RAM Scraper Attack Working
Verify Card Number
Mitigation
Taught by
OWASP Foundation