Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

SAP Incident Response: Real Life Examples on How to Attack and Defend

Jordan Santarsieri

1 vote(s)

SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world, these companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, suppliers, customers, credit cards, business intelligence, Etc.

As a veteran SAP forensic investigator, I had the opportunity to experience first-hand how real life adversaries are attacking these kind of systems by executing complex hacking techniques like abusing unauthenticated SAP protocols and standard functionality with the objective of performing espionage, sabotage and fraud attacks.

This scenario is particularly dangerous, as most SAP professionals do not know that many security audit trails do not come by default, leaving the companies almost 100% unprotected in case of a security incident.

Join me on this new and highly technical talk, in which I’m going to explain trough several live demos how attackers are compromising SAP platforms, how they backdoor these platforms and how you can apply different forensic techniques to determine if your system has been compromise and what information has been accessed.


Mr Santarsieri is a founder partner at Vicxer where he utilizes his 12+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.

He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.

Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat DC, Insomnihack, Hacker Halted, OWASP US, 8dot8 and Ekoparty.