YoVDO

Pwning Oracle EBS for Real Profit

Offered By: Ekoparty Security Conference via YouTube

Tags

Ekoparty Security Conference Courses Penetration Testing Courses SQL Injection Courses Exploit Development Courses

Course Description

Overview

Explore a comprehensive conference talk from Ekoparty Security Conference 2019 that delves into exploiting Oracle E-Business Suite (EBS) for financial gain. Learn about two critical vulnerabilities discovered by security researchers Gaston Traberg and Martin Doyhenard: a Java Deserialization leading to SQL injection and an Arbitrary File Upload allowing OS command execution. Understand how attackers can leverage ERP systems to process fraudulent transactions and generate real cashable checks. Gain insights into the potential risks faced by medium to large organizations using ERP applications for sensitive business operations. Discover the intersection between technical exploitation and insider knowledge of financial systems, and witness a live demonstration of tricking a target system into printing an actual check.

Syllabus

Gaston Traberg & Martin Doyhenard - Pwning Oracle EBS for Real Profit - Ekoparty 2019


Taught by

Ekoparty Security Conference

Related Courses

Hacking and Patching
University of Colorado System via Coursera Software Design Threats and Mitigations
University of Colorado System via Coursera Introduction to Cybersecurity for Teachers
Raspberry Pi Foundation via FutureLearn Identifying Security Vulnerabilities
University of California, Davis via Coursera Web Application Security Testing with Burp Suite
Coursera Project Network via Coursera