SAP BusinessObjects Attacks

Explore SAP BusinessObjects security vulnerabilities and attack vectors in this conference talk from TROOPERS14. Dive into the architecture, persistence mechanisms, and communication protocols of SAP BusinessObjects. Learn about potential security issues, including information disclosure and man-in-the-middle attacks. Witness live demonstrations of exploits using tools like Query Builder, Wireshark, and PowerShell. Gain insights into reconnaissance techniques, account identification, and encryption weaknesses. Discover practical recommendations for securing SAP BusinessObjects deployments and staying up-to-date with security notes and version information.

Introduction
Agenda
What is SAP BusinessObjects
SAP BusinessObjects Persistence
SAP BusinessObjects Architecture
BusinessObjects Services
BusinessObjects Communication
Corporate
Corporate listeners
Example
Attackers
Ports
Other Ports
Demo
Recommendation
Identify Accounts
Accounts
Security Notes
Version Information
Maninthemiddle Attacks
Initial Reconnaissance
Potential Issues
Options
Information Disclosure
Long Demo
Query Builder
Wireshark
Logon Tokens
PowerShell
File System
Admin Guide
Encryption