We are Yvan, Nahuel and Pablo from the Onapsis Research Labs, and we’d like to invite you all to participate in our Black Hat USA 2021 training “ATTACK & SECURE SAP PLATFORMS”. This is a four-day training where students will start with learning basic SAP concepts and will end with using the most critical, latest and advanced exploits against these systems.
We’re no strangers to Black Hat. In fact, Onapsis used to deliver this training at Black Hat for quite a long time. Even the best sessions need an update, so we recently refreshed the entire session of content, and now we’re back with an all-new program to help cybersecurity professionals learn the ins and outs of protecting business-critical SAP applications. The training is highly practical, which means that students won’t be listening to us speak for several hours. Instead, they will spend most of the time doing hands-on exercises. For this particular edition, we’ve built up new exercises, with a total of more than 35 different practical challenges across several different categories that will be tested in Capture-the-Flag (CTF) style competitions.
At the beginning, students will learn the basics of SAP systems: which components are running, how the SAP architecture is, how the communication among these components is being carried out, etc. Once we have the basics, the fun begins. Students will also learn:
- How misconfigurations can be abused and how to make sure you’re not a victim
- The most commonly known exploits, how to use them and how to protect your systems from them
- How threat actors can move laterally once access is gained
- Which tools and data sources are provided by SAP in order to perform forensic assessments and how to use them
- And so much more...
All the training architecture required in order to carry out the practical lessons will be provided and hosted by Onapsis’s own servers. All students need to bring is a laptop with an SSH connection, SAP GUI installed and a willingness to roll up their sleeves and learn!
We’ve presented this training before at other conferences and to clients worldwide, but we feel particularly excited about leading these sessions at Black Hat USA. With four days of classes, it means we can go deeper across a variety of subjects and spend more time with hands-on exercises than usual. We’re even dedicating an entire day to conducting forensics on SAP, which includes putting on our incident response’s hats in order to learn how to identify, detect and track potential real attacks targeting SAP systems!
With more and more threat actors targeting business-critical SAP applications, if you’re still on the fence about whether you should attend or not, let us tell you something...this is going to be the best, most impactful edition of our training we’ve ever done. So don’t miss it!
Stay safe and see you in class!
Yvan, Nahuel, and Pablo.