SAP Incident Response, real life examples on how to attack and defend
SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world, these companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, suppliers, customers, credit cards, business intelligence, Etc.
As a veteran SAP forensic investigator, I had the opportunity to experience first-hand how real life adversaries are attacking these kind of systems by executing complex hacking techniques like abusing unauthenticated SAP protocols and standard functionality with the objective of performing espionage, sabotage and fraud attacks.
This scenario is particularly dangerous, as most SAP professionals do not know that many security audit trails do not come by default, leaving the companies almost 100% unprotected in case of a security incident.
Join me on this technical talk, in which I’m going to explain trough several live demos how attackers are compromising SAP platforms, how they backdoor these platforms and how you can apply different forensic techniques to determine if your system has been compromise and what information has been accessed.
You will be able to see, that I take the audience through several REAL SAP incidents (some of them public, some others were kept private) and how we technically responded