Presentations / Videos

Free presentations, videos and podcasts

Content from 2019

Installing your own SAP Lab, Part 1

As part of our never ending commitment with the community, we are sharing the first video of our “SAP For IT Security Practitioners” series. On this first episode, we show you how you can download and install an SAP trial version, SAP 7.52, SP01. This video includes the installation and configuration of the operating system and the SAP!

Stay tuned as many more will to come!

Installing your own SAP Lab, Part 2

On this new video, we will show you how you can license and finish the setup of your new SAP trial version, SAP 7.52, SP01. Enjoy the video!

Stay tuned as many more will to come!

Spyware, Ransomware and Worms. How to prevent the next SAP tragedy at Insomni'hack 2019

Is not a secret that SAP is a market leader and one of the principal software providers of the core business applications around the world, nearly 95% of the Fortune-500 companies heavy rely on SAP to perform their most critical and daily operations such as processing payroll, benefits, storing sensitive customers’ information, handling credit cards, logistics and many more.

Due to the “ERP Complexity of the simple things” and in combination with several proprietary protocols, entry-points and default misconfigurations, ERPs are particularly vulnerable to Spyware, Ransomware and Worms, making them the ideal targets for this type of attacks due to the economical significance that these systems hold. Join me on this completely new and highly technical talk, in which I’m going to explain trough several live demos how the different types of malware could impact SAP and what actions you could take to prevent the next SAP tragedy.

As an added value, we will reveal for the first time, our very own project “ARSAP”, a semiautomatic mechanism that detects and register all the SAP systems that are exposed to the Internet, extracting the system’s metadata and cataloging the assets in base of their Geo-location, system type, version, installed components, etc.

Content from 2018

SAP Forensics at Auscert 2018

Our founder and CEO Jordan Santarsieri, sharing his SAP forensic experiences at the prestigious Australian security conference, Auscert.

SAP Incident Response, Real Life Examples on How to Attack and Defend - insomnihack 2018

SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world, these companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, suppliers, customers, credit cards, business intelligence, Etc. As a veteran SAP forensic investigator, I had the opportunity to experience first-hand how real life adversaries are attacking these kind of systems by executing complex hacking techniques like abusing unauthenticated SAP protocols and standard functionality with the objective of performing espionage, sabotage and fraud attacks.

This scenario is particularly dangerous, as most SAP professionals do not know that many security audit trails do not come by default, leaving the companies almost 100% unprotected in case of a security incident.

Installing Vicxer's SAP Installation Check

On this video tutorial, we will show you how to download and use our SAP Installation Check.