
Show Me Your Tokens (and I'll Show You Your Credit Cards) - Tim MalcomVetter (ShowMeCon 2016) (Hacking Illustrated Series InfoSec Tutorial Videos)

Show Me Your Tokens (and I'll Show You Your Credit Cards)
Tim MalcomVetter

ShowMeCon 2016

Abstract: E-Commerce merchants love credit card tokenization as a way to minimize PCI regulations, but can tokenization stop adversaries? In this talk, we will exploit tokenization services to steal credit cards through subtle design flaws, lazy web practic

Bio: Tim MalcomVetter (@malcomvetter) has fifteen years in defending, building, and breaking systems, built upon a thorough academic foundation. Currently, Tim holds the position of “Director, Advanced Security Testing - Red Team” at the world’s largest commercial entity, Walmart, where he is privileged to lead a team of very skilled Red Team engineers. Before that, Tim was a Principal Consultant in Optiv’s Software Security Group, their top offensive security blogger during his tenure, performing penetration tests and code reviews on web apps, web services, mobile apps, point of sale systems, proprietary TCP socket services, and even fuel pumps and car washes (yes, fuel pumps!). Before that, Tim led agile e-commerce dev teams, led PCI compliance projects at Level 1 merchants, and was the security generalist wearer-of-many-hats. Tim has presented in numerous venues, including Black Hat USA Tools Arsenal, Security BSides, ArchC0N, Secure World Expo, St. Louis Day of .NET, and other developer conferences. Born and raised in the Show Me State, right here in St. Louis, Tim also donates time to coach the Missouri S&T Collegiate Cyber-Defense Team, and spent way too much time in school, including a couple campuses of the University of Missouri system.


Copyright 2020, IronGeek