Unexpected Intrusion Testing Results in SAP Systems - Critical Vulnerabilities and Exploits
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore a captivating conference talk that unveils critical vulnerabilities discovered during a penetration test of a SAP System running in the new "RISE with SAP" cloud environment. Delve into the journey from initial local exploits to remote vulnerabilities in the SAP Start Service, uncovering hidden threats that could lead to disasters. Follow the speaker's analysis of saposcol.exe and sldreg.exe binaries, network communications, and the discovery of a memory corruption with libc leak and an OS command injection, both resulting in remote code execution as root or NT/SYSTEM. Witness a recorded demonstration of these exploits and gain valuable insights into new documentation, recommendations, and related SAP OSS Notes and CVEs. Learn from Yvan Genuer, a Senior Security Researcher at Onapsis with 18 years of SAP experience, as he shares his expertise in SAP security and vulnerability research.
Syllabus
#HITB2023HKT D2T2 - A Story Of Unexpected Intrusion Testing Results - Yvan Genuer
Taught by
Hack In The Box Security Conference
Related Courses
Binder - The Bridge To Root - Hongli Han and Mingjian ZhouHack In The Box Security Conference via YouTube JARVIS Never Saw It Coming - Hacking Machine Learning in Speech, Text and Face Recognition
44CON Information Security Conference via YouTube SyScan360'16 Singapore - Memory Corruption Is For Wussies
SyScan360 via YouTube Select Code Execution From Using SQLite
media.ccc.de via YouTube BLEEDINGBIT - Your APs Belong to Us
Black Hat via YouTube