ATM Compromise with and without Whitelisting

ATM compromise through the use of malicious software is on the increase across the world. At EAST FCS 2015 a demonstration will show how a Windows ATM platform can be compromised through malware infection – this will be done using advanced techniques that evade anti-virus and whitelisting protection. A virtual ATM running on Windows XP and Windows 7, with an XFS layer, both with and without application whitelisting, will be infected using known ATM malware.

The demo will be carried out by Alexandru (Alex) Mihai Gherman, Principal Security Consultant, FortConsult. In a follow-up demo, he will then show how to compromise a Windows ATM platform that is protected by a well-known whitelisting solution used by many banks, highlighting its various security features. The ATM will be infected with malware used for a jackpotting attack. The infection will use process and library memory injection techniques and will attempt to exploit vulnerabilities in the binaries that are supposedly protected by the whitelisting solution, leading to its deactivation and to system compromise.

About Alexandru Mihai Gherman

Alex is a computer security specialist with over 14 years' experience. As Principal Security Consultant at FortConsult he specialises in Research & Development, Security Incident Response, Forensic and Malware Analysis, Application Security, and Mobile Security.

He has a strong focus on reverse engineering malware, incident response and forensics, reverse engineering software (including ARM and MIPS embedded systems), vulnerability research and analysis, and smartphone hardware, software and malware analysis (Android and Apple iOS).

His professional experience includes attack techniques such as shellcoding, ELF and dynamic linking, stack overflows, Ret2libc, Return-Oriented Programming (ROP), heap spraying, application-level heap attacks, stack flapping and defeating ASLR and DEP. He is well versed in Python, Java and C/C++, and has specialised in internal and external penetration testing of applications, networks and wireless networks, and in testing web Application Programming Interfaces (REST-based, JSON, SOAP) against OWASP vulnerabilities.

He is currently involved in research on reverse engineering software running on Atmel microcontrollers and on ARM and MIPS embedded devices, and in car hacking.