Presented at
DeepSec 2018 „I like to mov &6974,%bx“,
Unknown date/time
(Unknown duration)
Attacks on IVR systems and call centers of bank are interesting and funny, but sometimes they are not so effective. Usually hacker should know some user's information for authorization. So, hacker can gain access to private information and money (sometimes) of one known person, but what he can do, if he want to attack thousands users? Luckily (or no) many people share their information in the Internet. In this talk I will show, how and where attacker can gather information, which can be used for attack on IVR systems. At the final I will show practical case from one private bank.
Presenters:
-
Aleksandr Kolchanov
Aleksandr Kolchanov - I'm independent security researcher and consultant. Ex penetration tester in bank in Russia. I take part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Telegram, etc), Privatbank (one of the biggest banks from Ukraine) bug bounty program (https://privatbank.ua/ru/safeness/bughunters - pyrk (first place).
Winner of "Hack Internet-Bank" competition of PromSvazBank, Russia. I'm interesting in uncommon security issues, telecom problems, airline security and social engineering.
Links:
Similar Presentations: