SAP strikes back. Your SAP server now counter-attacks

Presented at TROOPERS17 (2017), March 22, 2017, 2:30 p.m. (Unknown duration).

In this presentation, we will demonstrate how attackers can compromise all SAP clients and gain private information from their machines by using the SAP server.

Presenters:

• Vahagn Vardanyan
  Vahagn Vardanyan is a security researcher at the ERPScan company. He has over 60 public CVE's, including 50 ones for SAP. Identified vulnerabilities in PHP, libxml2, and LibTIFF.
• Dmitry Yudin
  Dmitry Yudin is a security researcher at ERPScan. Exploit developer, bug hunter, Linux fan.

Links:

• https://troopers.de/troopers17/talks/766-sap-strikes-back-your-sap-server-now-counter-attacks/
• https://infocon.org/cons/TROOPERS/TROOPERS 2017/SAP strikes back Your SAP server now counter attacks Vahagn Vardanyan, Dmitry Yudin.mp4

Similar Presentations:

• DEF CON 20 (2012) / Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol
• DeepSec 2017 „Science First!“ / SAP CTF Pentest : From Outside To Company Salaries Tampering (closed)
• DeepSec 2018 „I like to mov &6974,%bx“ / ERP Security: Assess, Exploit and Defend SAP Platforms