Loading the player...
mTan & OOB Methods In this video, we show the vulnerability of out-of-band (OOB) transaction validation techniques, and in particular mTan methods. The hackers employ social engineering and interface manipulation vectors to trick the user in believing that he is communicating with the Bank security staff while instead he is validating a fraudulent transaction.
Social Engineering & Interface Manipulation In this Attack, the Hackers target an out-of-band transaction validation method implemented with the use of the ZTIC device. The user is tricked into validating a fraudulent transaction by the combined action of social engineering and interface manipulation attack vectors.
Static Code Dumping & Patching This Video describes an attack whereby a hacker replaces a standard web browser's files with a modified version of the executable code. This allows to steal sensitive information and take full control of the user's browsing activity.
Screen Capturing This Attack Scenario describes how hackers can obtain valuable information by screen capturing the data shown on the display of the PC. Using this technique, the criminals can steal e-banking passwords and sniff the contents of sensitive images and documents without the knowledge of the victim.
PDF Form Spoofing This scenario describes a targeted attack against form filling and digital signing using PDF Reader. The victim is tricked into validating a fraudulent wire transfer request by the combined action of event emulation and window overlay attack vectors.
Dynamic Code Dumping And Patching This Video describes an attack whereby malware uses DLL-injection techniques to modify the details of a Web browser transaction.The malware gains access to the computer’s memory,locates the Web browser’s process and injects new code in the process in order to change the transaction data on the fly.
Window Overlay and Event Emulation In this video we describe a powerful attack scenario which combines the event emulation and window overlay attack vectors. The Victim is left to carry out his online transaction as usual, while in the background the malware is changing on the fly the transaction details in order to transfer funds to the Hacker.
Keystroke and Event Emulation In this video we showcase a very common attack scenario which uses the keystroke and mouse event emulation attack vectors. The Victim is shown a locked screen while in the background the malware is carrying out the fraudulent transaction by emulating all the required keyboard entries and mouse clicks.
Session Hijacking In this video we describe how a Hacker can hijack an active browsing session by sniffing directly from memory some of the browser's critical data, such as the session cookies and the session ID.