Attack & Secure SAP - 2022 Edition (Virtual)

This course will teach attendees not only the fundamentals on how to pentest and secure SAP systems, but also the latest techniques and procedures. Students will be guided through a variety of scenarios designed to walk them through all the phases involved in an SAP penetration testing or forensic project: Landscape discovery System mapping Vulnerability assessment System exploitation Privilege escalation Lateral movement Forensics Attendees will start from a black-box perspective and end up digging in the heart of the system learning how to spot and leverage every misconfiguration or vulnerability. Common attack patterns and high impact vulnerabilities such as CVE-2020-6286 (RECON), will be analyzed, along with brand new techniques to escalate privileges, establish persistency and move laterally across the landscape. Throughout these phases, attendees will also switch hats and put on their defenders' shoes, learning how to secure and how to analyze compromised SAP systems. No previous SAP experience required.