SlideShare a Scribd company logo
ATM Malware:
Understanding the Threat
Amit Malik
Co-Founder @ Cysinfo (https://cysinfo.com)
Researcher @ Netskope
Linkedin: https://in.linkedin.com/in/doublezer0
Disclaimer
The Content, Demonstration, Source Code and
Programs presented here is “AS IS” without any
warranty or conditions of any kind. Also the views/
ideas/knowledge expressed here are solely of the
author’s only and nothing to do with the company or the
organisation in which the author is currently working.
However in no circumstances neither the speaker nor
Cysinfo is responsible for any damage or loss caused
due to use or misuse of the information presented here.
News..
Agenda
• Introduction
• XFS subsystem/middleware architecture
• XFS Internals
• ATM Malware evolution
• Case Study
RIPPER ATM Malware
Introduction
• ATM (Automated Teller Machine)
• As per ATM Industry Association (ATMIA) there are around 3 Million ATMs installed
worldwide.
• Majority of the ATMs use windows operating system.
• WOSA/XFS or CEN XFS is the software standard used by ATM platforms for ATM device
interactions.
• XFS subsystem basically provides the common API to access and manipulate the ATM
devices from different vendors.
• Leading ATM vendors:
• NCR
• Diebold
• Wincor
ATM Diagram
*Picture: https://upload.wikimedia.org/wikipedia/commons/9/99/Atm_blockdiagram.png
XFS (eXtensions for Financial
Services) Architecture
*pic: CEN/XFS Specifications
XFS APIs
• Application uses XFS APIs to communicate with
service providers.
• APIs can be called synchronously or
asynchronously.
• XSF manager translates the APIs to SPIs
• APIs starts with WFS*
• Example: WFSOpen, WFSExecute, WFSGetInfo etc.
Configuration Information
• XFS manager uses configuration information to route APIs to
SPIs.
• Configuration information is stored in windows registry hives.
• PC dependent information is stored under
• HKEY_LOCAL_MACHINESOFTWAREXFS
• User dependent information is stored under:
• HKEY_USERS.DefaultXFS
• .Default or user id.
Config. Info. cont..
• PC dependant information.
• XFS_Manager: trace file, share file information etc.
• Service_Provider: XFS compliant service provider - dll name, version, vendor name
• Physical_service: physical attachments configuration by the solution providers.
*pic:CEN/XFS Specifications
Config. Info. cont..
• Example (service providers):
[HKEY_LOCAL_MACHINESOFTWAREXFSSERVICE_PROVIDERSPIN]
"dllname"="PIN.DLL"
"vendor_name"="XFS Solutions Provider"
"version"="1.0.0"
[HKEY_LOCAL_MACHINESOFTWAREXFSSERVICE_PROVIDERSIDC]
"dllname"="IDC.DLL"
"vendor_name"="XFS Solutions Provider"
"version"="1.0.0"
[HKEY_LOCAL_MACHINESOFTWAREXFSSERVICE_PROVIDERSCDM]
"dllname"="CDM.DLL"
"vendor_name"="XFS Solutions Provoder"
"version"="1.0.0"
Config. Info. cont..
• User dependent configs
• Logical services can provide one or more physical services, for example cash dispenser and coin dispenser can be the
part of one logical service.
• logical services: service class, service provider (service provider key name in service providers)
*pic: CEN/XFS specifications
Config. Info. cont..
• Example (logical services)
[HKEY_USERS.DefaultXFSLOGICAL_SERVICESCashDispenser]
"class"="CDM"
“provider"="CDM"
[HKEY_USERS.DefaultXFSLOGICAL_SERVICESPinpad]
"class"="PIN"
“provider"="PIN"
[HKEY_USERS.DefaultXFSLOGICAL_SERVICESMagstripe]
"class"="IDC"
"provider"="IDC"
Important XFS APIs
• WFSStartUp - Initiate a connection between an application and the XFS
Manager
• WFSOpen - Open a session between an application and a service provider
• WFSRegister - Enable monitoring of a class of events by an application
• WFSExecute - Send service-specific commands to a service provider
• WFSGetInfo - Retrieve service-specific information from a service provider
• Pretty much all of the APIs can be called Asynchronously except few (eg:
WFSStartUp etc.)
• Async - WFSAsyncExecute, WFSAsyncOpen, WFSAsyncRegister etc.
• Application must perform WFSOpen for each logical service.
ATM Malware Evolution
2007
2013
2014
2015
2016
Skimer Padpin,
Neopocket
Ploutus
Sucful,
GreenDispenser
Ripper,
Alice
Case Study
• RIPPER ATM Malware
• Linked with Bt12 million hack
• Targets Major ATM manufactures (NCR, Diebold,
Wincor)
• Reads both magnetic stripe and EMV chip data.
• Cash dispenser functionalities
• Lets jump on to the malware code analysis!
Code…
Code (path)
Code..
Code..
References
• CEN/XFS:https://www.cen.eu/work/areas/ICT/
eBusiness/Pages/CWA16374.aspx
• https://www.fireeye.com/blog/threat-research/
2016/08/ripper_atm_malwarea.html
• http://blog.trendmicro.com/trendlabs-security-
intelligence/untangling-ripper-atm-malware/

More Related Content

What's hot

Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
.NET MAUI + Azure AD B2C
.NET MAUI + Azure AD B2C.NET MAUI + Azure AD B2C
.NET MAUI + Azure AD B2C
César Jesús Angulo Gasco
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
FUZZING & SOFTWARE SECURITY TESTING
FUZZING & SOFTWARE SECURITY TESTINGFUZZING & SOFTWARE SECURITY TESTING
FUZZING & SOFTWARE SECURITY TESTING
MuH4f1Z
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST API
Nutan Kumar Panda
 
Redis and Ohm
Redis and OhmRedis and Ohm
Redis and Ohm
awksedgreep
 
Deanonymize Tor Hidden Services
Deanonymize Tor Hidden ServicesDeanonymize Tor Hidden Services
Deanonymize Tor Hidden Services
Fabrizio Farinacci
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support   lior rotkovitchWeb Socket ASM support   lior rotkovitch
Web Socket ASM support lior rotkovitch
Lior Rotkovitch
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
MAHESHUMANATHGOPALAK
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!
Zigoo0
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
BGA Cyber Security
 
초보자를 위한 시스템 해킹 공부 가이드라인
초보자를 위한 시스템 해킹 공부 가이드라인초보자를 위한 시스템 해킹 공부 가이드라인
초보자를 위한 시스템 해킹 공부 가이드라인
H4C
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Anton Chuvakin
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
Ajin Abraham
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
Adrian Sanabria
 
OSINT (Open Source Intelligence) Market - 2017 2022 - Sample Report
OSINT (Open Source Intelligence) Market - 2017 2022 - Sample ReportOSINT (Open Source Intelligence) Market - 2017 2022 - Sample Report
OSINT (Open Source Intelligence) Market - 2017 2022 - Sample Report
Homeland Security Research Corp.
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Vikas Jain
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo Wazuh
Aurélie Henriot
 

What's hot (20)

Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
 
.NET MAUI + Azure AD B2C
.NET MAUI + Azure AD B2C.NET MAUI + Azure AD B2C
.NET MAUI + Azure AD B2C
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
FUZZING & SOFTWARE SECURITY TESTING
FUZZING & SOFTWARE SECURITY TESTINGFUZZING & SOFTWARE SECURITY TESTING
FUZZING & SOFTWARE SECURITY TESTING
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST API
 
Redis and Ohm
Redis and OhmRedis and Ohm
Redis and Ohm
 
Deanonymize Tor Hidden Services
Deanonymize Tor Hidden ServicesDeanonymize Tor Hidden Services
Deanonymize Tor Hidden Services
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support   lior rotkovitchWeb Socket ASM support   lior rotkovitch
Web Socket ASM support lior rotkovitch
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
 
초보자를 위한 시스템 해킹 공부 가이드라인
초보자를 위한 시스템 해킹 공부 가이드라인초보자를 위한 시스템 해킹 공부 가이드라인
초보자를 위한 시스템 해킹 공부 가이드라인
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based  Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
 
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSFAppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
AppSec EU 2016: Automated Mobile Application Security Assessment with MobSF
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
OSINT (Open Source Intelligence) Market - 2017 2022 - Sample Report
OSINT (Open Source Intelligence) Market - 2017 2022 - Sample ReportOSINT (Open Source Intelligence) Market - 2017 2022 - Sample Report
OSINT (Open Source Intelligence) Market - 2017 2022 - Sample Report
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo Wazuh
 

Viewers also liked

Introduction to Binary Exploitation
Introduction to Binary Exploitation	Introduction to Binary Exploitation
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
 
Amenaza a las bases de datos
Amenaza a las bases de datosAmenaza a las bases de datos
Amenaza a las bases de datos
Leonel Ibarra
 
Answers in environmental education @kaye
Answers in environmental education @kayeAnswers in environmental education @kaye
Answers in environmental education @kaye
Cee Saliendrez
 
Human Capital in de 21e eeuw
Human Capital in de 21e eeuwHuman Capital in de 21e eeuw
Human Capital in de 21e eeuwhan mesters
 
Powerupcloud - Customer Case Studies
Powerupcloud - Customer Case StudiesPowerupcloud - Customer Case Studies
Powerupcloud - Customer Case Studies
Jonathyan Maas ☁
 
How to Keep Students Motivated During Winter
How to Keep Students Motivated During WinterHow to Keep Students Motivated During Winter
How to Keep Students Motivated During Winter
Robert Peters, Ed.D
 
Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014
Rodrigo Montoro
 
DOXLON November 2016: Facebook Engineering on cgroupv2
DOXLON November 2016: Facebook Engineering on cgroupv2DOXLON November 2016: Facebook Engineering on cgroupv2
DOXLON November 2016: Facebook Engineering on cgroupv2
Outlyer
 
POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?
Cysinfo Cyber Security Community
 
Creating a personal narrative
Creating a personal narrativeCreating a personal narrative
Creating a personal narrative
Emily Kissner
 
Open Development
Open DevelopmentOpen Development
Open Development
Paolo Mottadelli
 
Home Brewing R.U.M - Analyzing application performance with real user monitoring
Home Brewing R.U.M - Analyzing application performance with real user monitoringHome Brewing R.U.M - Analyzing application performance with real user monitoring
Home Brewing R.U.M - Analyzing application performance with real user monitoring
Ankit Rastogi
 
Performance Pack
Performance PackPerformance Pack
Performance Pack
day
 
Incident Command: The far side of the edge
Incident Command: The far side of the edgeIncident Command: The far side of the edge
Incident Command: The far side of the edge
Fastly
 
John 15:12 Ministries
John 15:12 MinistriesJohn 15:12 Ministries
John 15:12 Ministries
annettemelk
 
WTF is Sensu and Monitoring
WTF is Sensu and MonitoringWTF is Sensu and Monitoring
WTF is Sensu and Monitoring
Toby Jackson
 
Application Development on Metapod
Application Development on MetapodApplication Development on Metapod
Application Development on Metapod
Cisco DevNet
 
AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)
AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)
AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)
Amazon Web Services
 
DevOps at Crevise Technologies
DevOps at Crevise TechnologiesDevOps at Crevise Technologies
DevOps at Crevise Technologies
Crevise Technologies
 
An Introduction to event sourcing and CQRS
An Introduction to event sourcing and CQRSAn Introduction to event sourcing and CQRS
An Introduction to event sourcing and CQRS
Haufe-Lexware GmbH & Co KG
 

Viewers also liked (20)

Introduction to Binary Exploitation
Introduction to Binary Exploitation	Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
Amenaza a las bases de datos
Amenaza a las bases de datosAmenaza a las bases de datos
Amenaza a las bases de datos
 
Answers in environmental education @kaye
Answers in environmental education @kayeAnswers in environmental education @kaye
Answers in environmental education @kaye
 
Human Capital in de 21e eeuw
Human Capital in de 21e eeuwHuman Capital in de 21e eeuw
Human Capital in de 21e eeuw
 
Powerupcloud - Customer Case Studies
Powerupcloud - Customer Case StudiesPowerupcloud - Customer Case Studies
Powerupcloud - Customer Case Studies
 
How to Keep Students Motivated During Winter
How to Keep Students Motivated During WinterHow to Keep Students Motivated During Winter
How to Keep Students Motivated During Winter
 
Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014Lost in Translation - Blackhat Brazil 2014
Lost in Translation - Blackhat Brazil 2014
 
DOXLON November 2016: Facebook Engineering on cgroupv2
DOXLON November 2016: Facebook Engineering on cgroupv2DOXLON November 2016: Facebook Engineering on cgroupv2
DOXLON November 2016: Facebook Engineering on cgroupv2
 
POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?
 
Creating a personal narrative
Creating a personal narrativeCreating a personal narrative
Creating a personal narrative
 
Open Development
Open DevelopmentOpen Development
Open Development
 
Home Brewing R.U.M - Analyzing application performance with real user monitoring
Home Brewing R.U.M - Analyzing application performance with real user monitoringHome Brewing R.U.M - Analyzing application performance with real user monitoring
Home Brewing R.U.M - Analyzing application performance with real user monitoring
 
Performance Pack
Performance PackPerformance Pack
Performance Pack
 
Incident Command: The far side of the edge
Incident Command: The far side of the edgeIncident Command: The far side of the edge
Incident Command: The far side of the edge
 
John 15:12 Ministries
John 15:12 MinistriesJohn 15:12 Ministries
John 15:12 Ministries
 
WTF is Sensu and Monitoring
WTF is Sensu and MonitoringWTF is Sensu and Monitoring
WTF is Sensu and Monitoring
 
Application Development on Metapod
Application Development on MetapodApplication Development on Metapod
Application Development on Metapod
 
AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)
AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)
AWS re:Invent 2016: Deploying Scalable SAP Hybris Clusters using Docker (CON312)
 
DevOps at Crevise Technologies
DevOps at Crevise TechnologiesDevOps at Crevise Technologies
DevOps at Crevise Technologies
 
An Introduction to event sourcing and CQRS
An Introduction to event sourcing and CQRSAn Introduction to event sourcing and CQRS
An Introduction to event sourcing and CQRS
 

Similar to ATM Malware: Understanding the threat

Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
Sebastien Deleersnyder
 
Internship msc cs
Internship msc csInternship msc cs
Internship msc cs
Pooja Bhojwani
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
distortdistort
 
The Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds HackThe Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds Hack
Nicole Fucile-Borsian
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
ibrahimumer2
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
BlackHat 2014 - xsssniper
BlackHat 2014 - xsssniperBlackHat 2014 - xsssniper
BlackHat 2014 - xsssniper
Viyat Bhalodia
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to execution
AlgoSec
 
Private Apps in the Public Cloud - DevConTLV March 2016
Private Apps in the Public Cloud - DevConTLV March 2016Private Apps in the Public Cloud - DevConTLV March 2016
Private Apps in the Public Cloud - DevConTLV March 2016
Issac Goldstand
 
Barrister Enterprise Server Support
Barrister Enterprise Server SupportBarrister Enterprise Server Support
Barrister Enterprise Server Support
avicknair2
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
Duressa Teshome
 
B) Computer Basics
B) Computer BasicsB) Computer Basics
B) Computer Basics
remotestaffdesignsolution
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
National Cheng Kung University
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observability
Yan Cui
 
CSS12 LESSON - Client Server Network.pdf
CSS12 LESSON - Client Server Network.pdfCSS12 LESSON - Client Server Network.pdf
CSS12 LESSON - Client Server Network.pdf
RGSMags
 
CNIT 152: 12b Windows Registry
CNIT 152: 12b Windows RegistryCNIT 152: 12b Windows Registry
CNIT 152: 12b Windows Registry
Sam Bowne
 
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
Oracle Korea
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istio
Inho Kang
 
Secure Form Processing and Protection - Sunshine PHP 2015
Secure Form Processing and Protection - Sunshine PHP 2015Secure Form Processing and Protection - Sunshine PHP 2015
Secure Form Processing and Protection - Sunshine PHP 2015
Joe Ferguson
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
Alexander Kot
 

Similar to ATM Malware: Understanding the threat (20)

Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
 
Internship msc cs
Internship msc csInternship msc cs
Internship msc cs
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
 
The Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds HackThe Seismic Impact of the SolarWinds Hack
The Seismic Impact of the SolarWinds Hack
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
BlackHat 2014 - xsssniper
BlackHat 2014 - xsssniperBlackHat 2014 - xsssniper
BlackHat 2014 - xsssniper
 
Microsegmentation from strategy to execution
Microsegmentation from strategy to executionMicrosegmentation from strategy to execution
Microsegmentation from strategy to execution
 
Private Apps in the Public Cloud - DevConTLV March 2016
Private Apps in the Public Cloud - DevConTLV March 2016Private Apps in the Public Cloud - DevConTLV March 2016
Private Apps in the Public Cloud - DevConTLV March 2016
 
Barrister Enterprise Server Support
Barrister Enterprise Server SupportBarrister Enterprise Server Support
Barrister Enterprise Server Support
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
B) Computer Basics
B) Computer BasicsB) Computer Basics
B) Computer Basics
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observability
 
CSS12 LESSON - Client Server Network.pdf
CSS12 LESSON - Client Server Network.pdfCSS12 LESSON - Client Server Network.pdf
CSS12 LESSON - Client Server Network.pdf
 
CNIT 152: 12b Windows Registry
CNIT 152: 12b Windows RegistryCNIT 152: 12b Windows Registry
CNIT 152: 12b Windows Registry
 
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istio
 
Secure Form Processing and Protection - Sunshine PHP 2015
Secure Form Processing and Protection - Sunshine PHP 2015Secure Form Processing and Protection - Sunshine PHP 2015
Secure Form Processing and Protection - Sunshine PHP 2015
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
 

More from Cysinfo Cyber Security Community

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
Cysinfo Cyber Security Community
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Cysinfo Cyber Security Community
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Cysinfo Cyber Security Community
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
Cysinfo Cyber Security Community
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Cysinfo Cyber Security Community
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
Cysinfo Cyber Security Community
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Cysinfo Cyber Security Community
 
Analysis of android apk using adhrit by Abhishek J.M
 Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
Cysinfo Cyber Security Community
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques   	monnappa k aUnderstanding evasive hollow process injection techniques   	monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
Cysinfo Cyber Security Community
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication  by ajithkumar vyasaraoSecurity challenges in d2d communication  by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
Cysinfo Cyber Security Community
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
Cysinfo Cyber Security Community
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr   siddharth muraleeDynamic binary analysis using angr   siddharth muralee
Dynamic binary analysis using angr siddharth muralee
Cysinfo Cyber Security Community
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc -	ashutosh ahelleyaBit flipping attack on aes cbc -	ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
Cysinfo Cyber Security Community
 
Security Analytics using ELK stack
Security Analytics using ELK stack	Security Analytics using ELK stack
Security Analytics using ELK stack
Cysinfo Cyber Security Community
 
Linux Malware Analysis
Linux Malware Analysis	Linux Malware Analysis
Linux Malware Analysis
Cysinfo Cyber Security Community
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack	XXE - XML External Entity Attack
XXE - XML External Entity Attack
Cysinfo Cyber Security Community
 
Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis	Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis
Cysinfo Cyber Security Community
 

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Analysis of android apk using adhrit by Abhishek J.M
 Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques   	monnappa k aUnderstanding evasive hollow process injection techniques   	monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication  by ajithkumar vyasaraoSecurity challenges in d2d communication  by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr   siddharth muraleeDynamic binary analysis using angr   siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc -	ashutosh ahelleyaBit flipping attack on aes cbc -	ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
 
Security Analytics using ELK stack
Security Analytics using ELK stack	Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis	Linux Malware Analysis
Linux Malware Analysis
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack	XXE - XML External Entity Attack
XXE - XML External Entity Attack
 
Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis	Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis
 

Recently uploaded

Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)
alowpalsadig
 
TMU毕业证书精仿办理
TMU毕业证书精仿办理TMU毕业证书精仿办理
TMU毕业证书精仿办理
aeeva
 
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
campbellclarkson
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.
Maitrey Patel
 
What’s New in Odoo 17 – A Complete Roadmap
What’s New in Odoo 17 – A Complete RoadmapWhat’s New in Odoo 17 – A Complete Roadmap
What’s New in Odoo 17 – A Complete Roadmap
Envertis Software Solutions
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
ervikas4
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container OrchestrationOrca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
Pedro J. Molina
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio, Inc.
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
Luigi Fugaro
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
kalichargn70th171
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Transforming Product Development using OnePlan To Boost Efficiency and Innova...
Transforming Product Development using OnePlan To Boost Efficiency and Innova...Transforming Product Development using OnePlan To Boost Efficiency and Innova...
Transforming Product Development using OnePlan To Boost Efficiency and Innova...
OnePlan Solutions
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
kalichargn70th171
 

Recently uploaded (20)

Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)
 
TMU毕业证书精仿办理
TMU毕业证书精仿办理TMU毕业证书精仿办理
TMU毕业证书精仿办理
 
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.
 
What’s New in Odoo 17 – A Complete Roadmap
What’s New in Odoo 17 – A Complete RoadmapWhat’s New in Odoo 17 – A Complete Roadmap
What’s New in Odoo 17 – A Complete Roadmap
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container OrchestrationOrca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Transforming Product Development using OnePlan To Boost Efficiency and Innova...
Transforming Product Development using OnePlan To Boost Efficiency and Innova...Transforming Product Development using OnePlan To Boost Efficiency and Innova...
Transforming Product Development using OnePlan To Boost Efficiency and Innova...
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
 

ATM Malware: Understanding the threat

  • 1. ATM Malware: Understanding the Threat Amit Malik Co-Founder @ Cysinfo (https://cysinfo.com) Researcher @ Netskope Linkedin: https://in.linkedin.com/in/doublezer0
  • 2. Disclaimer The Content, Demonstration, Source Code and Programs presented here is “AS IS” without any warranty or conditions of any kind. Also the views/ ideas/knowledge expressed here are solely of the author’s only and nothing to do with the company or the organisation in which the author is currently working. However in no circumstances neither the speaker nor Cysinfo is responsible for any damage or loss caused due to use or misuse of the information presented here.
  • 4. Agenda • Introduction • XFS subsystem/middleware architecture • XFS Internals • ATM Malware evolution • Case Study RIPPER ATM Malware
  • 5. Introduction • ATM (Automated Teller Machine) • As per ATM Industry Association (ATMIA) there are around 3 Million ATMs installed worldwide. • Majority of the ATMs use windows operating system. • WOSA/XFS or CEN XFS is the software standard used by ATM platforms for ATM device interactions. • XFS subsystem basically provides the common API to access and manipulate the ATM devices from different vendors. • Leading ATM vendors: • NCR • Diebold • Wincor
  • 7. XFS (eXtensions for Financial Services) Architecture *pic: CEN/XFS Specifications
  • 8. XFS APIs • Application uses XFS APIs to communicate with service providers. • APIs can be called synchronously or asynchronously. • XSF manager translates the APIs to SPIs • APIs starts with WFS* • Example: WFSOpen, WFSExecute, WFSGetInfo etc.
  • 9. Configuration Information • XFS manager uses configuration information to route APIs to SPIs. • Configuration information is stored in windows registry hives. • PC dependent information is stored under • HKEY_LOCAL_MACHINESOFTWAREXFS • User dependent information is stored under: • HKEY_USERS.DefaultXFS • .Default or user id.
  • 10. Config. Info. cont.. • PC dependant information. • XFS_Manager: trace file, share file information etc. • Service_Provider: XFS compliant service provider - dll name, version, vendor name • Physical_service: physical attachments configuration by the solution providers. *pic:CEN/XFS Specifications
  • 11. Config. Info. cont.. • Example (service providers): [HKEY_LOCAL_MACHINESOFTWAREXFSSERVICE_PROVIDERSPIN] "dllname"="PIN.DLL" "vendor_name"="XFS Solutions Provider" "version"="1.0.0" [HKEY_LOCAL_MACHINESOFTWAREXFSSERVICE_PROVIDERSIDC] "dllname"="IDC.DLL" "vendor_name"="XFS Solutions Provider" "version"="1.0.0" [HKEY_LOCAL_MACHINESOFTWAREXFSSERVICE_PROVIDERSCDM] "dllname"="CDM.DLL" "vendor_name"="XFS Solutions Provoder" "version"="1.0.0"
  • 12. Config. Info. cont.. • User dependent configs • Logical services can provide one or more physical services, for example cash dispenser and coin dispenser can be the part of one logical service. • logical services: service class, service provider (service provider key name in service providers) *pic: CEN/XFS specifications
  • 13. Config. Info. cont.. • Example (logical services) [HKEY_USERS.DefaultXFSLOGICAL_SERVICESCashDispenser] "class"="CDM" “provider"="CDM" [HKEY_USERS.DefaultXFSLOGICAL_SERVICESPinpad] "class"="PIN" “provider"="PIN" [HKEY_USERS.DefaultXFSLOGICAL_SERVICESMagstripe] "class"="IDC" "provider"="IDC"
  • 14. Important XFS APIs • WFSStartUp - Initiate a connection between an application and the XFS Manager • WFSOpen - Open a session between an application and a service provider • WFSRegister - Enable monitoring of a class of events by an application • WFSExecute - Send service-specific commands to a service provider • WFSGetInfo - Retrieve service-specific information from a service provider • Pretty much all of the APIs can be called Asynchronously except few (eg: WFSStartUp etc.) • Async - WFSAsyncExecute, WFSAsyncOpen, WFSAsyncRegister etc. • Application must perform WFSOpen for each logical service.
  • 15. ATM Malware Evolution 2007 2013 2014 2015 2016 Skimer Padpin, Neopocket Ploutus Sucful, GreenDispenser Ripper, Alice
  • 16. Case Study • RIPPER ATM Malware • Linked with Bt12 million hack • Targets Major ATM manufactures (NCR, Diebold, Wincor) • Reads both magnetic stripe and EMV chip data. • Cash dispenser functionalities • Lets jump on to the malware code analysis!