YoVDO

Uncovering SAP Vulnerabilities - Dissecting and Breaking the Diag Protocol

Offered By: BruCON Security Conference via YouTube

Tags

BruCON Courses, Cybersecurity Courses, Wireshark Courses, Penetration Testing Courses, Man in The Middle Attacks Courses, SAP Security Courses

Course Description

Overview

Explore the intricacies of SAP vulnerabilities in this 46-minute conference talk from BruCON Security Conference. Delve into the Diag protocol, a critical component of SAP Netweaver's application-level communication between SAP GUI and SAP Netweaver Application Servers. Discover novel approaches to uncovering vulnerabilities in SAP software through protocol analysis and manipulation tools. Learn about man-in-the-middle attacks, RFC call injection, rogue SAP server deployment, and SAP GUI client-side attacks. Gain insights into hardening SAP installations and mitigating potential threats. Follow along as the speaker dissects the Diag protocol, highlights its security concerns, and demonstrates packet dissection with the SAP plugin for Wireshark and packet crafting with pysap. Understand the fuzzing approach, explore the discovered vulnerabilities, and examine various attack scenarios. Conclude with a discussion of recent changes, defense strategies, and future work in SAP security.

Syllabus

Intro
Agenda
Introduction
Previous work on Diag protocol
Motivation
SAP Netweaver architecture
Relevant concepts and components
SAP Protocols layout
Dissecting and understanding the Diag protocol
Diag protocol security highlights
Packet dissection - SAP plugin for Wireshark
Packet crafting - pysap
Fuzzing approach
Vulnerabilities found
Attack scenarios
Recent changes
Defenses and countermeasures
Conclusion
Future work
Taught by

BruCON Security Conference

Related Courses

Advanced Exploitation and Scripting Techniques (Packt via Coursera)
Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux (Packt via Coursera)
Learn Man in the Middle Attacks from Scratch (Packt via Coursera)
OWASP Top 10 - A02:2021 - Cryptographic Failures (Cybrary)
Web Security (Frontend Masters)