This session were given in Nile University in Egypt, the video can be found here: https://www.youtube.com/watch?v=mll8_0cKXRg

1. Hacking ATM Machines For Fun & Profit!
By Ebrahim Hegazy

2. Not this type of security guys!

4. Agenda
 ATM Providers overview
 How ATM's Works?
 ATM Components
 How ATM recognize you?
 ATM Skimmers
 Demo Video
 ATM Penetration Testing
 ATM Physical Pentesting
 Logical Penetration Testing
 Disclosed Routers
 ATM Pentesting Story.
 Conclusion
 References
Ignite Your Mind

5. ATM Providers overview
Ignite Your Mind

6. How ATM's Works?
Ignite Your Mind

7. ATM Components
Computer Case
Ignite Your Mind

8. Ignite Your Mind
ATM Components
Operating System

9. ATM Components
Startup Scripts
Ignite Your Mind

10. ATM Components
ATM (Asynchronous Transfer Mode) Switch
Ignite Your Mind

11. How ATM recognize you
Ignite Your Mind

12. How ATM recognize you
Ignite Your Mind

13. ATM Skimmers
Ignite Your Mind

14. ATM Skimmers
Ignite Your Mind

15. ATM Skimmers
Ignite Your Mind

16. Stay Safe
Ignite Your Mind

17. ATM Penetration Testing
Ignite Your Mind

18. Different ATM Hacking Techniques
ATM Forking

19. Different ATM Hacking Techniques
Tyupkin

20. ATM Physical Pentesting
 Surveillance Cameras
 Light buttons
 Lock-Picking
 Disclosed Operating System
 Disclosed Router
 Misconfigured Internet Ports
 Guards Around
 ATM Ground Position
 Old lady scenario?
Ignite Your Mind

21. Logical Penetration Testing
 Operating System Auditing & Pentesting
 Memory Analysis
 Network Penetration Testing
Ignite Your Mind

22. Logical Penetration Testing
 Operating System Auditing & Pentesting
 Booting other Operating System
 BIOS Security
 USB Ports & CD
 Current user privileges
 Easy guessable administrator user password
 Hard coded passwords
 Unprotected private keys
 Outdated softwares
 Etc etc
Ignite Your Mind

23. Logical Penetration Testing
 Lan Turtle
Ignite Your Mind

24. Logical Penetration Testing
 Lan Turtle
Ignite Your Mind

25. Logical Penetration Testing
Ignite Your Mind
 Lan Turtle

26. Logical Penetration Testing
 Memory Analysis
Ignite Your Mind

27. Logical Penetration Testing
 Network Penetration Testing
 Bypassing Port Security
 Network Isolation
 Data Encryption at transit & at rest
 Scanning Network Services
 Misconfigurations
 Un-patched Systems
 Services with guessable passwords
 Common Network Attacks (ARP Spoofing, DNS Poisoning)
 Etc etc …..
Ignite Your Mind

28. Disclosed Routers
Ignite Your Mind

29. Disclosed Routers
Ignite Your Mind
Demo Time

30. Disclosed Routers
 What could go wrong?
 DOS Attack
 Plug the Ethernet cable
into your Laptop
 Hmm! Port Security?
 Physical Security?
Ignite Your Mind

31. Real ATM Pentesting Scenario
Ignite Your Mind

32. Ignite Your Mind

33. References
 Networking Concepts
https://www.cybrary.it/course/cisco-ccna/
 Network Attacks
https://www.cybrary.it/course/advanced-penetration-testing/
 ATM Skimmers
http://krebsonsecurity.com/all-about-skimmers/
Ignite Your Mind
MACchanger Lock-Picking Cisco ISE SNMP
Kali Linux Volatility OSI Model Domain Controller
Active Directory Lan Turtle Enum4Linux SMB Null Session

34. Ignite Your Mind

35. Ignite Your Mind
 Ebrahim Hegazy
 www.sec-down.com
 Twitter.com/zigoo0
 Zigoo.blog@gmail.com