YoVDO

Unexpected Intrusion Testing Results in SAP Systems - Critical Vulnerabilities and Exploits

Offered By: Hack In The Box Security Conference via YouTube

Tags

SAP Security Courses Network Security Courses Penetration Testing Courses Command Injection Courses Cloud Security Courses Exploit Development Courses Binary Analysis Courses Remote Code Execution Courses Vulnerability Research Courses Memory Corruption Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a captivating conference talk that unveils critical vulnerabilities discovered during a penetration test of a SAP System running in the new "RISE with SAP" cloud environment. Delve into the journey from initial local exploits to remote vulnerabilities in the SAP Start Service, uncovering hidden threats that could lead to disasters. Follow the speaker's analysis of saposcol.exe and sldreg.exe binaries, network communications, and the discovery of a memory corruption with libc leak and an OS command injection, both resulting in remote code execution as root or NT/SYSTEM. Witness a recorded demonstration of these exploits and gain valuable insights into new documentation, recommendations, and related SAP OSS Notes and CVEs. Learn from Yvan Genuer, a Senior Security Researcher at Onapsis with 18 years of SAP experience, as he shares his expertise in SAP security and vulnerability research.

Syllabus

#HITB2023HKT D2T2 - A Story Of Unexpected Intrusion Testing Results - Yvan Genuer


Taught by

Hack In The Box Security Conference

Related Courses

Threat Hunting with Yara
Pluralsight Reverse Engineering 3201: Symbolic Analysis
OpenSecurityTraining2 via Independent Firing Rounds at the Analysis Shooting Gallery - CSAW'16 Security Workshop
New York University (NYU) via YouTube angr: Binary Analysis Framework - Demonstration and Analysis
New York University (NYU) via YouTube Debin: Predicting Debug Information in Stripped Binaries
Association for Computing Machinery (ACM) via YouTube