“You’'ve got mail - Owning your business with one email”.

Presented at TROOPERS17 (2017), March 22, 2017, 4 p.m. (Unknown duration).

Introduction to mail processing in SAP, business scenarios where this is being used and details on technical processing. Some vulnerabilities in SAP email inbound processing, for example: Snagging credentials by sending emails with malicious attachment to SAP systems running on Windows. Also some DoS examples and Email sender address spoofing.

Presenters:

• Joris van de Vis
  Joris has got extensive experience as a SAP Technical consultant and has a wide interest in everything ?under the hood? of SAP systems. In addition to developing and working as a SAP Technical consultant, his main interest lies in the SAP Security domain. Next to helping business to secure their SAP systems, Joris is also a SAP researcher and reported over 40 vulnerabilities in SAP applications. He has got 15 years of experience in working for large fortune-500 companies and helped government departments with implementing and securing SAP landscapes. Joris is co-founder of ERP-SEC, a SAP security focused company based in the Netherlands. Joris presented at local SAP usergroup events, at many customers’ sites and also on security Conferences like Troopers#16, Hack.LU, cybersecurityalliance and at SAP headquarters.

Links:

• https://troopers.de/troopers17/talks/767-youve-got-mail-owning-your-business-with-one-email/
• https://infocon.org/cons/TROOPERS/TROOPERS 2017/You've got mail Owning your business with one email Joris van de Vis.mp4
• https://troopers.de/downloads/troopers17/TR17_Youve_got_mail.pdf

Similar Presentations:

• DEF CON 20 (2012) / Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol
• DeepSec 2017 „Science First!“ / SAP CTF Pentest : From Outside To Company Salaries Tampering (closed)
• DeepSec 2018 „I like to mov &6974,%bx“ / ERP Security: Assess, Exploit and Defend SAP Platforms