Showing posts with label POS malware. Show all posts

Thursday 18 May 2017

OWASP London chapter meeting (Guest Speaker)

It is a great honour to have been invited to speak at the OWASP London Chapter meeting this May (Thursday, 18 May 2017 - Central London).
More importantly, as this meeting is sponsored by WorldPay, it is a fantastic opportunity to share previous work I have done on payment systems over the past few years.   

Allow me to say a big Thank You to the OWASP London Chapter organisers for the work they put in to keep the London chapter so live & active, and of course to WorldPay, for supporting this meeting, and for being so kind to host it at their premises. If you are interested in finding out more about OWASP, make sure you attend the OWASP Summit 2017.

Given the opportunity for this blog-post, I would also like to thank you all for your messages about my talk. I am very pleased to hear that the tickets for the OWASP London Chapter meeting this month were sold out that fast and that the organisers had to activate the waiting list. The organisers also mentioned that due to the high demand, they will consider live streaming. So, stay tuned for updates on that as I am planning to schedule a number of tweets to go out before and during the talk. Thus, for updates you can follow me on Twitter: @drgfragkos

Wednesday 2 November 2016

BruCON 2016 (0x08) - Speaking about POS, POI & VT (the undisclosed talk)

It was a great honour for me to present this year at a hacking conference like BruCON (brucon.org).
As many of you already know, I started this because I wanted to know how the payment process works behind the scenes (Payment Card Industry - PCI) and how secure these systems are, which we take for granted on a daily basis. 

After researching Point-of-Sales (POS), Point-of-Interaction (POI) devices and Virtual Terminals (VT) for almost 4 years, it was about time to do a presentation that wouldn't be behind closed doors as I usually do. I talked with a number of acquirers, issuers, payment processors and POI OS manufacturers and let them know about my findings way before this talk.


Tuesday 17 November 2015

POS Malware Alert - AbaddonPOS and Cherry Picker

Two new malware files targeting point-of-sale (POS) terminals have been identified: AbaddonPOS and Cherry Picker.

The AbaddonPOS malware is delivered by the Angler Exploit Kit or through an infected Microsoft Office document. The malware targets the memory of all processes running on the infected system (excluding its own memory space) looking for card data. Once the card data has been found, it is sent back to a Command and Control (C&C) server.

The Cherry Picker also targets card data but there is some further functionality built into it. It tries to clean up after itself and this is the main reason why it went undetected for such a long time. Another characteristic of the Cherry Picker is that it focuses on just one process that is known to contain card data. That way it attracts as little attention as possible, compared to trying to target all running processes on the infected system.
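
The difference between the two behaviours matters for detection: a scan of every process is visible as a wide fan-out of memory reads, while a single-process read only stands out if the card-handling process has a list of permitted readers. The sketch below is an added example, not code from the original post; the event tuples are constructed, and the process names, allowlist and threshold are hypothetical values a defender would tune per estate.

```python
from collections import defaultdict

PROCESS_VM_READ = 0x0010  # Windows access right needed to read another process's memory

# Assumptions (hypothetical): the process holding card data, the tools permitted
# to read it, and how many distinct targets count as a system-wide sweep.
CARD_PROCESS = "pos_payment.exe"
ALLOWED_READERS = {"edr_agent.exe"}
SWEEP_THRESHOLD = 5

# Constructed sample events: (source process, target process, granted access mask),
# a simplified view of process-access telemetry.
SAMPLE_EVENTS = [
    ("edr_agent.exe", "pos_payment.exe", 0x1410),      # permitted reader
    ("updater.exe", "explorer.exe", 0x1000),           # query only, no memory read
    ("scan_all.exe", "explorer.exe", 0x0010),
    ("scan_all.exe", "chrome.exe", 0x0010),
    ("scan_all.exe", "svchost.exe", 0x0010),
    ("scan_all.exe", "spoolsv.exe", 0x0010),
    ("scan_all.exe", "notepad.exe", 0x0010),
    ("scan_all.exe", "pos_payment.exe", 0x0010),
    ("single_target.exe", "pos_payment.exe", 0x0410),  # reads one process only
]

def detect(events, card_process=CARD_PROCESS, allowed=ALLOWED_READERS,
           threshold=SWEEP_THRESHOLD):
    """Return {source: set(reasons)} for suspicious cross-process memory reads."""
    targets = defaultdict(set)
    findings = defaultdict(set)
    for source, target, access in events:
        # Ignore handles without memory-read rights and self-access.
        if not access & PROCESS_VM_READ or source == target:
            continue
        targets[source].add(target)
        # Quiet case: any reader of the card process that is not on the allowlist.
        if target == card_process and source not in allowed:
            findings[source].add("reads-card-process")
    # Noisy case: one source reading memory of many distinct processes.
    for source, seen in targets.items():
        if source not in allowed and len(seen) >= threshold:
            findings[source].add("memory-sweep")
    return dict(findings)

if __name__ == "__main__":
    for proc, reasons in sorted(detect(SAMPLE_EVENTS).items()):
        print(proc, sorted(reasons))
```

The fan-out rule alone would miss the single-process reader, which is why the allowlist check on the card-handling process is kept as a separate rule.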