This presentation was published 10 years ago by user Инга Сульдина
1 Arch bugs in BSS. Gleb Cherbov, Security Researcher, Digital Security (ERPScan)
2 © , Digital Security Banking
3 Internet banking. Client side
4 How it worx: ABS, WEB Server + App Server, DBMS, Operator, Operators environment
8 Select a target: ABS, WEB Server + App Server, DBMS, Operator, Operators environment. SQL injection. Insider attack
9 Select a target: ABS, WEB Server + App Server, DBMS, Operator, Operators environment
11 Operators environment. Authentication: Operator, DBMS, oper_login, oper_pass, dbo_admin
12 Dbo_admin: dbo_admin is the only account at the DBMS; dbo_admin has full access; every operator can connect to the DBMS directly; oper auth on app side
13 Lookin for a passwd: dbo_admin password is encrypted and stored in a .cfg file near the app
14 Quote: "it's impossible to decrypt it" (c) BSS support
15 Let's take a look: RSA modulus; RSA private exp; unusual base64 alphabet
16 Let's take a look: Well… looks like base64?
17 Also… Innovative password storage widely used in BSS products, with the same hardcoded RSA key
18 Malware: ABS, WEB Server + App Server, DBMS, Operator, Operators environment. Get conf file; decrypt dbo_admin pass; wreak havoc
19 Attack vector? Insider; targeted attack; malware
20 Tricky data manipulations
21 Questions? Digital Security in Moscow: +7 (495); Digital Security in Saint Petersburg: +7 (812)