BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Where’s the Money: Defeating ATM Disk Encryption\n
    When: Friday\, Aug 9\, 15:50 - 16:30 PDT\n   Where: LVCC West/Floor 1/H
 all 2/Creator Stage 1\n\n   Description:\n\n   Holding upwards of
  $400\,000\, ATMs continue to be a target of\n   opportunity and have seen
  over a 600% increase in crime in just the\n   last few years. During this
  time\, I led security research with another\n   colleague into the enterp
 rise ATM industry resulting in the discovery\n   of 6 zero-day vulnerabili
 ties affecting Diebold Nixdorf’s Vynamic\n   Security Suite (VSS)\, the 
 most prolific ATM security solution in the\n   market. 10 minutes or less 
 is all that a malicious actor would need to\n   gain full control of any s
 ystem running VSS via offline code injection\n   and decryption of the pri
 mary Windows OS. Diebold Nixdorf is one of\n   three major North American 
 enterprise class ATM manufacturers with a\n   global presence in the finan
 cial\, casino/gaming\, and point-of-sale\n   markets. Similar attack surfa
 ces are currently being used in the wild\n   and impact millions of system
 s across the globe. Furthermore\, VSS is\n   known to be present throughou
 t the US gaming industry\, including most\n   of the ATM/cash-out systems 
 across Vegas.\n\n   In this session\, I will walk through my research\, re
 view the discovery\n   process\, and dive into the technical intricacies o
 f each\n   vulnerability. The Full Disk Encryption module of VSS conducts 
 a\n   complex integrity validation process to ensure a trusted system stat
 e\,\n   performed as a layered approach during system initialization.\n   
 Examination of this workflow will highlight various deficiencies that\n   
 I will demonstrate through PoC exploitation.\n\n   Each vulnerability pres
 ented in this session has been observed to have\n   a recursive impact acr
 oss all major versions of VSS and represents a\n   systemic ongoing risk. 
 We will explore the root-cause\, vendor\n   remediation steps\, and shortc
 omings thereof – perpetuating the\n   attack narrative. In conclusion\,
  proper mitigation techniques and\n   procedures will be covered\, providi
 ng valuable insights into defending\n   against potential compromise.\n\n 
   SpeakerBio:  Matt Burch\, Independent Vulnerability Researcher\n\n   Mat
 t Burch is an independent vulnerability researcher with 20 years of\n   ex
 perience in the information security industry and 15 years of focus\n   in
  adversarial testing and simulation. He specializes in ATM\, IoT\,\n   mob
 ile application\, and IP based vulnerability research. With this\n   diver
 se background\, he has successfully identified unique deficiencies\n   in 
 high-security products – awarding him numerous CVE\n   accreditations.\n
 \n   '\n
DTEND:20240809T233000Z
DTSTART:20240809T225000Z
LOCATION:IOTV - LVCC West/Floor 1/Hall 2/Creator Stage 1
SUMMARY:Where’s the Money: Defeating ATM Disk Encryption
END:VEVENT
END:VCALENDAR
