
Juan Perez-Etchegoyen (Chief Technology Officer, Onapsis)

PRESENTATION TITLE: Inception of the SAP Platform’s Brain: Attacks Against SAP Solution Manager

PRESENTATION ABSTRACT:

Global Fortune 1000 companies, large governmental organizations and defense entities have something in common – they rely on SAP platforms to run their business-critical processes and information. Any cyber-criminal looking to perform espionage, sabotage or financial fraud attacks knows that these systems are keeping the business crown jewels.

In all SAP implementations there is a special system, which acts as the “brain” of the platform: the SAP Solution Manager. Using proprietary interfaces and protocols, the Solution Manager connects to and manages all the “satellite” SAP systems of an implementation (ERP, CRM, SCM, etc). Therefore, if an attacker compromises the SolMan, he would be able to expand his control to all the managed environments. In addition, due to architectural weaknesses, it would be possible for a malicious party to compromise a satellite system first and then use this as a pivot to the SolMan.

Through several live demos, this presentation presents novel attack vectors that a malicious hacker may use in his quest to break into the SAP Solution Manager, which would result in a total compromise of the SAP implementation. We will analyze the root causes of the technical vulnerabilities that enable these attacks and what you need to do in order to mitigate these threats in your organization.

ABOUT JUAN PEREZ-ETCHEGOYEN

Juan Perez-Etchegoyen is the CTO of Onapsis, leading the Research and Development teams that keep the company at the cutting edge of the ERP security field. Juan is fully involved in the design, research and development of all the innovative Onapsis software solutions. Responsible for managing the Onapsis Research Labs, Juan has also been actively involved in the coordination and research of critical security vulnerabilities in ERP applications and business-critical infrastructure, such as SAP, Oracle and JD Edwards.

He has extensive experience in the information security field, having been involved in large research, penetration testing, vulnerability assessment and security implementation projects, among others. As a result of his research work and experience, Juan has been invited to lecture and train at security conferences such as BlackHat, HITB Malaysia and Ekoparty, as well as to host private trainings on different aspects of information security for Global Fortune-100 organizations.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

SPECIAL OPS 1 – WIRELESS SECURITY KUNGF00

SPECIAL OPS 2 – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE

2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1 – HUNTING WEB ATTACKERS

TECH TRAINING 2 – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3 – ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4 – THE EXPLOIT LABORATORY: ADVANCED EDITION

QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS




Copyright © 2012 Hack In The Box | http://www.hackinthebox.org
