Description: Cyber attacks are increasing every year, and SAP systems are not immune to being targeted by attackers or involved in IT security incidents. Incident response and forensic analysis are complex tasks, especially when performed on systems that are not only diverse in terms of products, versions, operating systems and databases, but also carry the large customisation layer that SAP systems have.
In these scenarios, identifying and tracking down potentially malicious activities can be extremely challenging if you are not prepared for it. Indications and evidence of attacks are stored in diverse places. Join us for this talk to get an overview of the steps to take after a breach of an SAP system has been detected. We will discuss important concepts such as relevant files and tables, memory dumping, disk images, evidence, chain of custody and many other terms that you need to be aware of if you ever face an incident within your SAP implementation.
Finally, examples of real-life attacks will be shown going through the incident response procedure and showing how to identify what really happened on the SAP systems.
Sergio Abraham
Sergio is an SAP Security Specialist and Researcher at Onapsis. As one of the first members of the Onapsis Research Labs, he is responsible for the research of diverse scenarios and configurations of SAP applications, as well as the development and delivery of blog posts, in-depth SAP security publications, papers and webcasts, and security conference talks and trainings.
As a result of his experience in the industry, Sergio has discovered and published several SAP Security vulnerabilities affecting diverse SAP components. He has been invited to speak and host trainings at well recognized industry conferences such as Ekoparty, HubCon, ASUG and SANS, among others.
Additionally, Sergio was the main developer of Onapsis Bizploit (the first open-source SAP Penetration Testing Framework) and the architect of Onapsis X1 (the ERP Security Suite). He has generated new and innovative security checks for both products.
In terms of consultancy, Sergio has been involved in different projects related to the SAP security ecosystem, such as auditing SAP Implementations, defining and implementing SoD rules, performing SAP security assessments, SAP Penetration Tests, and also helping SAP customers during SAP incident responses.
Juan Perez-Etchegoyen
Juan Perez-Etchegoyen is the CTO at Onapsis, leading the Research & Development teams that keep the company on the cutting-edge of the ERP security industry. As a renowned thought-leader in the SAP cyber security field, Juan is responsible for the architecture of the innovative software solutions Onapsis X1 and Onapsis IPS. Being the founder of the Onapsis Research Labs, Juan is actively involved in the coordination and research of critical security vulnerabilities in ERP systems and business-critical applications, such as SAP and Oracle. He has discovered and helped SAP AG fix several critical vulnerabilities. Juan also held the first presentation on advanced threats affecting Oracle’s JD Edwards applications. As a result of his innovative research work, Juan has been invited to lecture at several of the most renowned security conferences in the world, such as Black Hat, SANS, OWASP AppSec, HackInTheBox, NoSuchCon and Ekoparty. He also holds private trainings for SAP AG and Global Fortune-100 organizations and is frequently quoted and interviewed by leading publications, such as IDG, DarkReading and PC World.
For more information, please visit: https://www.troopers.de/troopers/