Anatomy of memory scraping, credit card stealing POS malware

BSidesLV 2014

Presented by: Amol Sarwate
Date: Tuesday August 05, 2014
Time: 16:00 - 16:50
Location: Breaking Ground

Credit card stealing RAM scraper malware is running amok, compromising point-of-sale (POS) systems. Recent breaches have shown that exposure to such attacks is high and there is a lot at risk. This presentation shows how the attack is carried out by looking at the nuts and bolts of a home-grown malware sample. During the demo we will pretend to be the bad guy and steal information from the belly of the POS process. Then we switch hats, expose the malware to multiple environmental hazards to study its behavior, and identify strategies that can be implemented to make it hard for the malware to behave correctly and deter the bad guys. If all goes well, you will walk away with RAM scraping and prevention mojo.

Amol Sarwate

Director of Vulnerability and Compliance Labs, Qualys Inc.

Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software which identifies new vulnerabilities and insecure posture for Qualys’ VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, NullCon, GrrCon, ISSA, Homeland security Network HSNI and FS/ISAC. He regularly contributes to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. He writes the “HOT or NOT” column for SC Magazine and holds a US patent for Systems and Methods for Performing Remote Configuration Compliance Assessment of a Networked Computer Device.

