Volume X: Pivoting Through SAP Systems

Every organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios. Depending on the size of the company, the number of SAP Systems, Instances and Products used can be quite large.

All of these systems are interconnected, and the connections involve different components, each with specific features and restrictions. As a result, every SAP implementation has a certain number of configurations related to how the systems are connected. If these are not properly set, the systems could be abused to connect from one system to another and to bypass authentication mechanisms or network restrictions, potentially rendering the entire landscape vulnerable.

Pivoting Through SAP Systems explains current methods used by attackers to move, or “pivot”, between SAP systems, and how these techniques are used to expand an initial compromise to the entire SAP landscape.