Leading SAP AG partner in discovering and solving security vulnerabilities

Projects

DSecRG works on multiple projects in enterprise application security, listed below.

OWASP-EAS

The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation or sign-off of large-scale (i.e. enterprise) applications.

Enterprise application security is one of the major topics in overall security because these applications control finances and resources, and every security violation can result in significant financial loss. The purpose of this project is to increase awareness of enterprise application security problems and to create guidelines and tools for enterprise application security assessment.


SMBRelay Bible

Our encyclopedia of pass-the-hash/SMB relay attacks. The goal of this encyclopedia is to collect all the information related to passing NTLM authentication for conducting SMB relay attacks or stealing credentials. We often use these methodologies in penetration tests and enterprise application security assessments, so we decided to gather all the information on one page.

This type of vulnerability exists in different enterprise applications from Oracle and SAP, and can be exploited by an attacker even on hardened systems. That is why we focus on this area of research.


From Application Down to OS

This is a series of whitepapers focused on existing methodologies for gaining administrative access to the server through application vulnerabilities. Applications such as Oracle RDBMS, IBM WebSphere, Lotus Domino and Apache Geronimo were assessed.
