Upload File

parcomagic security analysis of public terminals denis makrushin (@difezza), kaspersky lab stanislav...

  • Home
  • Documents
  • PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies
19
PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav Merzlyakov Positive Technologies

Upload: eleanore-lawrence

Post on 21-Jan-2016

220 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

PARCOMAGICSecurity analysis of public terminals

Denis Makrushin (@difezza), Kaspersky LabStanislav Merzlyakov Positive Technologies

Page 2: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Watch out! Watchdogs.

Page 3: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Common usage devices

Page 4: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Life is a good teacher

Page 5: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Possibility of evil input

Page 6: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Possibility of evil input

Page 7: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Possibility of evil input

Page 8: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Methodic of Penetration testing

Virtual keyboard

Usage special crafted info or symbols to open files, execute scripts, injection

or BOF

Moving in Control panel

Execute your code

Right click, gestures, opening windows Start menu

Windows Help or Desktop

Input Data fuzzing

Tap-fuzzing

Escape from the application

Fullscreen application

Page 9: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

View from the developer

Page 10: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Street magic: escape from the app

Page 11: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Street magic: virtual keyboard

Page 12: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Who am i?

Page 13: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Another kind of POC?

Page 14: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Catch me!

Page 15: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Bad full screen

Page 16: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Yep, bad full screen again

Page 17: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Post-exploitation

• Located in public places• 24/7 available• Same configuration• The higher degree of

confidence from the user• Connected to each other and to

private network

• Advertising• Social engineering/phishing• Botnet use cases• Dump of app for offline

reversing• Internal network attack• …

Page 18: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

Take a look around

Firewall

Terminal’s server

Main office

Page 19: PARCOMAGIC Security analysis of public terminals Denis Makrushin (@difezza), Kaspersky Lab Stanislav MerzlyakovPositive Technologies

[email protected]@yandex.ru

http://defec.ru

THANK YOU


Stanislav Sidorov.docx

Kaspersky Lab

Holotropic Breathwork: Stanislav Grof, M.D. Breathwork by Stanislav Grof, MD.pdf1 Holotropic Breathwork: New Perspectives in Psychotherapy and Self-Exploration Stanislav Grof, M.D

Portfolio Stanislav

Kaspersky Internet Security 2011 and Kaspersky Anti

Kaspersky Lab Kaspersky Administration Kit Features Overview

Stanislav 9klas

Stanislav Smirnov - ku

Kaspersky userguide

LE DROIT À L’EAU POTABLE ET À L’ASSAINISSEMENT, sa mise en … · 2016. 8. 11. · ([email protected]) and ([email protected]). Marcusohn Victor, LLM en droit de l'environnement,

Art Stanislav Plutenko

Denis Makrushin - Web under pressure DDoS as a service

Kaspersky Endpoint Security 8 для Windows Kaspersky Security Center

Kaspersky Security Center 10 KSN proxy settings · Properties: Kaspersky Endpoint Security 10 SPI for Linux KSN settings Kaspersky Security Network Kaspersky Security Nethork (KSN)

How to install Kaspersky Internet Security for AndroidHow to install Kaspersky Internet Security for Android 1. Go toPlay Store,type Kaspersky then choose Kaspersky Mobile Antivirus:

Contact Kaspersky Support CA When Kaspersky is not Updating Automatically

Kaspersky Lab Facts Kaspersky Lab vs. Trend Micro

Stanislav Donets

Kaspersky Threat Hunting - antivirus.lv · The Kaspersky Managed Protection service offers Kaspersky Endpoint Security and Kaspersky Anti Targeted Attack Platform users a fully managed

ROAD DATA - BADVORMAYA,KOLOMYYA, STANISLAV & VICINITY · title: road data - badvormaya,kolomyya, stanislav & vicinity subject: road data - badvormaya,kolomyya, stanislav & vicinity

Jaso Stanislav

Kaspersky SME Program-2 · Kaspersky 2017 Anti-Virus 1 PC Kaspersky 201 7 Anti-Virus 3 PCs Kaspersky 201 7 Internet Security 1 Kaspersky 2017 Internet Security 3 Kaspersky 201 7 Total

The protection technologies of Kaspersky Endpoint Security · PDF fileThe protection technologies of Kaspersky ... The protection technologies of Kaspersky Endpoint Security ... Kaspersky

Kaspersky Lab Facts Kaspersky Lab vs. McAfee. Kaspersky Lab: Principal facts Kaspersky Lab is a private company founded in 1991. Eugene Kaspersky, one

Kaspersky Endpoint Security for Business · Kaspersky Endpoint Security for Business Kaspersky for Business Designed and built by the industry’s leading security experts, Kaspersky

Kaspersky ASAP: Kaspersky Automated Security Awareness ... · Kaspersky ASAP: Kaspersky Automated Security Awareness Platform Más del 80 % de los ciberincidentes se debe a errores

Kaspersky Rescue Disk - Kaspersky Lab | Antivirus Protection

Kaspersky Safe Browser - Kaspersky Internet Security · Kaspersky Safe Browser is a web browser that provides safe Internet access for iOS and Windows Phone devices. Kaspersky Safe

Kaspersky Lab Facts Kaspersky Lab vs. Symantec. The companies: principal facts Kaspersky Lab A private company established in 1991. Founder Eugene Kaspersky

Kaspersky OpenSpace Security Kaspersky ® OpenSpace Security Christian Runte Biodata

KASPERSKY LAB Kaspersky Administration Kit version 6

Curriculum Vitae Stanislav

Kaspersky Security for Enterprise...5 Kaspersky Security for Enterprise 2 1 Endpoints Kaspersky Endpoint Security for Business Kaspersky Embedded ... Information Security and Development

Kaspersky User

Licensing Guide Kaspersky Hybrid Cloud Security · Kaspersky Hybrid Cloud Security Licensing guide Kaspersky Hybrid Cloud Editions Kaspersky Hybrid Cloud is available in two editions