27 days ago
Overview
During this training attendees will be guided through a complete approach for both Offensive and Defensive of SAP systems.
At the beginning, students will learn the basics of SAP systems: which components are running, how the SAP architecture is, how the communication among these components is being carried out, etc. Once the basic knowledge is known by everyone (this would take a few hours from the first day), the fun begins.
During a big part of the first day, the second and the third day, the students will go through all the different phases of a pentest targeting SAP systems, including implementing techniques, procedures and knowledge developed by the Onapsis Research Labs.
They will start learning how to perform SAP systems discovery and mapping (reconnaissance) using common industry techniques but also specific SAP trickery. Later, they will learn how to find and leverage different vulnerabilities and security misconfigurations to gain access to the affected SAP systems. In order to carry out this, students will be injected with a dose of technical information about how each component works and details about the protocol they speak.
Once access is gained, they will perform post-exploitation activities to further increase its initial compromise.
For each step of the aforementioned journey, the students will also play the defender's role, learning how to be protected against these attacks. In this part we will especially focus on the necessary configurations and tweaks that should be carried out.
The fourth and last day will focus on SAP Forensics. Students will learn about the different sources of information that can be queried in order to detect attacks along with what tools they have available in the systems to aid the forensics process. After going through the theory they'll have to solve a multistage exercise that mimics a real intrusion on an SAP system. Attendees will have to answer different questions about the attack using the previously acquired knowledge.
Because we believe the best way to learn is by doing things hands-on, we prepared a big laboratory with several SAP systems and environments (with all the necessary tools) where users will login to solve a series of exercises.
More than 30 challenges were specially designed to mimic a CTF game, but striving to keep the realism as much as possible. Attendees will need to find flags and submit them to gain points. The complexity is increased in small steps giving students the chance to get used to the overall idea and to have fun while learning, progressing to highly technical and demanding challenges towards the core chapters.
In order to solve these challenges, students will make use of several open-source / free tools such as Metasploit, Pysap, Custom Python scripts, John the Ripper, Hydra, among others.
At the beginning, students will learn the basics of SAP systems: which components are running, how the SAP architecture is, how the communication among these components is being carried out, etc. Once the basic knowledge is known by everyone (this would take a few hours from the first day), the fun begins.
During a big part of the first day, the second and the third day, the students will go through all the different phases of a pentest targeting SAP systems, including implementing techniques, procedures and knowledge developed by the Onapsis Research Labs.
They will start learning how to perform SAP systems discovery and mapping (reconnaissance) using common industry techniques but also specific SAP trickery. Later, they will learn how to find and leverage different vulnerabilities and security misconfigurations to gain access to the affected SAP systems. In order to carry out this, students will be injected with a dose of technical information about how each component works and details about the protocol they speak.
Once access is gained, they will perform post-exploitation activities to further increase its initial compromise.
For each step of the aforementioned journey, the students will also play the defender's role, learning how to be protected against these attacks. In this part we will especially focus on the necessary configurations and tweaks that should be carried out.
The fourth and last day will focus on SAP Forensics. Students will learn about the different sources of information that can be queried in order to detect attacks along with what tools they have available in the systems to aid the forensics process. After going through the theory they'll have to solve a multistage exercise that mimics a real intrusion on an SAP system. Attendees will have to answer different questions about the attack using the previously acquired knowledge.
Because we believe the best way to learn is by doing things hands-on, we prepared a big laboratory with several SAP systems and environments (with all the necessary tools) where users will login to solve a series of exercises.
More than 30 challenges were specially designed to mimic a CTF game, but striving to keep the realism as much as possible. Attendees will need to find flags and submit them to gain points. The complexity is increased in small steps giving students the chance to get used to the overall idea and to have fun while learning, progressing to highly technical and demanding challenges towards the core chapters.
In order to solve these challenges, students will make use of several open-source / free tools such as Metasploit, Pysap, Custom Python scripts, John the Ripper, Hydra, among others.
Key Takeaways
- Go from 0 knowledge about SAP, to learn how to successfully perform a pentest on this platform.
- Be aware about the latest tools, vulnerabilities and exploits affecting these systems ( including details on how some of these bugs were found)
- Understand how to protect and detect attacks against SAP systems.
Who Should Take this Course
Security Consultants / Penetration Testers / Read Teamers: Who want to add a new resource to their toolkit to help them whenever they face projects where SAP systems are present in the network.
Infosec defenders / Blue teamers: Who want to understand the risk of these systems and how to protect and secure them.
SAP specialists / SAP basis administrators: Who want to empower their skills in terms of security of the platform. This training will help them to properly secure the systems they manage/deploy, either to avoid creating new security holes or to improve their current overall security status in the servers they control in a proactive way.
Infosec defenders / Blue teamers: Who want to understand the risk of these systems and how to protect and secure them.
SAP specialists / SAP basis administrators: Who want to empower their skills in terms of security of the platform. This training will help them to properly secure the systems they manage/deploy, either to avoid creating new security holes or to improve their current overall security status in the servers they control in a proactive way.
Student Requirements
Basic usage of the command line and Linux/Windows is expected.
Basic knowledge of Python is desirable, but not required.
During the training we are going to use tools like Metasploit, Hydra, Bizploit and more. If you don't have experience on them, don't worry we are going to explain the basics on how to use them !
NO PREVIOUS SAP KNOWLEDGE REQUIRED.
Basic knowledge of Python is desirable, but not required.
During the training we are going to use tools like Metasploit, Hydra, Bizploit and more. If you don't have experience on them, don't worry we are going to explain the basics on how to use them !
NO PREVIOUS SAP KNOWLEDGE REQUIRED.
What Students Should Bring
The only necessary requirements are:
- SSH Client.
- Permissions to install software on the OS
- Linux/Windows machine is a plus (can be virtual)
What Students Will Be Provided With
Students will be provided with:
- Access to a platform where all the necessary tools to perform the exercises are already available.
- The slidedeck with all the information that we are going to study all along the training.
- Access to an heterogeneous SAP system laboratory that will be the one used for every hands-on exercise.
Trainers
Nahuel D. Sánchez leads the Security Research Team. His work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporter of vulnerabilities in SAP products and is a frequent author of the publication "SAP Security In-Depth". He previously worked as a security consultant, evaluating the security of Web applications and participating of Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.
Pablo Artuso is a Security Researcher at the Onapsis Research Labs. He is mostly involved in projects of vulnerability research and penetration testing of SAP products, where he has helped to patch several bugs. He is part of the team responsible for delivering and keeping up to date SAP Security Training, and has also presented about SAP Security in other conferences around the world. In his spare time, he enjoys developing tools as well as playing CTF's which include web exploitation, reverse engineering, and crypto challenges.
Yvan Genuer is a Security Researcher at Onapsis. He has over 15 years of SAP experience. He has been delivering consultancy services around SAP Security as well as researching for vulnerabilities into SAP products, resulting in SAP AG official acknowledgements he has received, for several vulnerabilities he originally reported. Furthermore, he has also conducted both trainings and talks about this topic in conferences.
Password:leakforum.io
Password:leakforum.io
(This post was last modified: 27 days ago by Sauron.)
![[Image: tumblr-b540b318feeef992063cb2e5ff500a57-...resize.gif]](https://i.postimg.cc/jjkLFCGZ/tumblr-b540b318feeef992063cb2e5ff500a57-68426a28-1280-ezgif-com-resize.gif)