Program
Thanks SAP for the Vulnerabilities. Exploiting the Unexploitable
Authors: Dmitry Chastukhin and Dmitry Yudin
Blah blah blah SAP. Blah blah blah big companies. Blah blah blah hack multimillion-dollar systems. This is how typical SAP talks start. But not this time. We really miss hardcore exploitation stuff and unusual vulnerabilities. Now it's time for real SAP hardcore! The moderator will explain (and show) how, by using a chain of minor vulnerabilities in different SAP services, you can take complete control over an affected system.
- Language: Russian
Dmitry Chastuhin is Director of the security consulting department at ERPScan. He is engaged in SAP security, particularly in web applications and Java, HANA, and mobile solutions. He has official acknowledgements from SAP for vulnerabilities he found. Dmitry is also a Web 2.0 and social network security geek and is very active in bug bounty programs (he found several critical bugs in Google, Nokia, and Badoo). He is a contributor to the EAS-SEC project. He has spoken at conferences such as Black Hat, Hack in the Box, DeepSec, and BruCON.
Dmitry Yudin is a security researcher at ERPScan. He is an exploit developer, bug hunter, and Linux fan.
