Professional Documents
Culture Documents
Amol Sarwate
Director of Vulnerability Labs, Qualys Inc.
@amolsarwate
Agenda
Image: http://www.q-card.com/support/magnetic-stripe-card-standards.asp
Magnetic Stripe: Track 1
%B4074410291410104^Doe/John^140910100000182?
Image: http://www.q-card.com/support/magnetic-stripe-card-standards.asp
Magnetic Stripe: Track 2
;4074410291410104=140910100000182?
Image: http://www.q-card.com/support/magnetic-stripe-card-standards.asp
Major Transition Types
EnumProcesses
OpenProcess
EnumProcessModules
GetModuleBaseName
RAM Scraper Attack Working
Step 1: Step 2:
Find POS process Elevate privilege to
with credit card data SE_DEBUG_NAME
OpenProcessToken
LookupPrivilegeValue
AdjustTokenPrivileges
RAM Scraper Attack Working
OpenProcess
RAM Scraper Attack Working
VirtualQueryEx
ReadProcessMemory
RAM Scraper Attack Working
(85 + 5) mod 10 = 0
Luhn algorithm – Quick and dirty C++ code
Thank You
@amolsarwate