Thanks SAP for the vulnerabilities. Exploiting the unexploitable

Presented at TROOPERS16 (2016), March 16, 2016, 2:30 p.m. (Unknown duration).

Bla-blah-blah SAP. Bla-blah-blah big companies. Bla-blah-blah hack multi-million dollar systems. This is how typical SAP Talks are started. But not this time. We are really missing hardcore exploitation stuff and unusual vulnerabilities, no matter where they are. Now it's time for real HARDCORE!

In our presentation, we will tell (and show) how by using a chain of minor vulnerabilities in different SAP services we can take complete control of an affected system. Have you ever heard that a denial of service vulnerability can be used for remote command execution? No, we are not talking about memory corruption. It's about how unexploitablea denial of service vulnerabilities can be exploited together with some minor issues to attack system in a way which you have never imagined.

You'll see the way from Anonymous to SAP_ALL, enjoy!


Presenters:

  • Dmitry Chastuhin
    Dmitry is a Director of security consulting at ERPScan. He works upon SAP security, particularly upon Web applications and JAVA, HANA and Mobile solutions. He has official acknowledgements from SAP for the vulnerabilities found. Dmitry is also a WEB 2.0 and social network security geek and bug bounty who found several critical bugs in Google, Nokia, Badoo. He is a contributor to the EAS-SEC project. He spoke at the following conferences: BlackHat, Hack in the Box, DeepSec, and BruCON
  • Alexander Polyakov
    Founder of ERPScan, President of EAS-SEC.org project, accomplished R&D professional and Entrepreneur of the year. He is an expert at security for business-critical software like ERP, CRM, SRM and industry specific solutions. He has received due recognition having publishing over 100 vulnerabilities, as well as multiple whitepapers, such as annual award-winning "SAP Security in Figures", surveys and a book devoted to information security research in SAP and Oracle. He has presented at more than 50 conferences in 20+ countries in all continents and held training sessions for the CISOs of Fortune 2000 companies, including SAP SE.

Links:

Similar Presentations: