YoVDO

Systems Applications Proxy Pwnage

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses Compression Algorithms Courses Authentication Bypass Courses

Course Description

Overview

Explore the intricacies of Systems Applications Proxy (SAP) security in this 43-minute conference talk from the 44CON Information Security Conference 2011 Technical Track. Presented by Ian De Villiers of SensePost, delve into SAP conquest data, fundamentals, and compression algorithms. Examine the compression protocol, decompression length, and learn how to use Wireshark for group connections. Investigate recompression techniques, application protocols, message types, and transaction IDs. Analyze input fields, complex messages, and bar structures. Understand the inner workings of SAP systems and explore potential attack vectors through the API. Discover authentication bypass methods, validation techniques, and replay attacks. Witness a live demonstration featuring SAP GUI and learn about the implications for enterprise security. Conclude with a comprehensive summary and insights into the future of SAP security.

Syllabus

Intro
Welcome
Agenda
Why
Disclaimers
History
SAP Conquest Data
Fundamentals
Compression Algorithm
Compression Protocol
Decompression Length
Wireshark
Group Connections
Recompression
Application Protocol
Message Types
Transaction ID
Other Information
Input Fields
Complex Messages
bars
FF structures
How it works
Attack API
Authentication Bypass
Validation
Replay
Demo
SAP GUI
Boss
Summary
Sunset


Taught by

44CON Information Security Conference

Related Courses

Supply Chain Unchained - How To Be A Bad SaaS
44CON Information Security Conference via YouTube
Aviation Security 101
44CON Information Security Conference via YouTube
The Anti-Checklist Manifesto
44CON Information Security Conference via YouTube
Why Are We Still Doing Authentication Wrong?
44CON Information Security Conference via YouTube
What Do Hackers See When They Look at the Clouds
44CON Information Security Conference via YouTube