2-July-2010 Talk on HITB 2010, Amsterdam “Attacking SAP Users with Sapsploit” by Alexander Polyakov
Amsterdam, Netherlands – July 2, 2010 ERPScan experts spoke at Hack In The Box (HITB) 2010, one of the largest conferences dedicated to technical aspects of information security. The conference was held on 29 June — 2 July in Amsterdam, Netherlands.
At the conference there were such well-known professionals as Anton Chuvakin (PCI DSS and Log Management expert); Laurent Oudot (TETHRI Security); Fyodor Yarochkin (the author of Xprobe); Saumil Shah (Net-Square) and, of course, Alexander Polyakov (ERPScan) with talk Attacking SAP Users with Sapsploit) and Alexey Sintsov (with talk “JIT-Spray Attacks and Advanced Shellcode”). Alexander Polyakov also gave an interview for BBC Radio1 about ERP security, particularly about threats and ways to increase security of ERP systems.[slideshare id=49543699&doc=2010hitbamsattackingsapuserswithsapsploit2-150618083347-lva1-app6892]
This trip was great. We met many of familiar people and got acquaintance with new ones. There were topics of current concern discussed at the conference among them were security of WEB 2.0, mobile devices, client-side applications, and SAP security — this issue was covered in two completely different reports (one by me and one by Mariano Nunez Di Croce) which aim was to demonstrate that SAP was accessible not only to employees of inside of a company and there were many ways how to gain access to SAP through of the Internet both by means of SAPRouter and WEB-application vulnerabilities and SAP client applications.
Alexander Polyakov, Head of ERPScan Research Team.