Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: sap

Hashdays 2011

1 Comment Posted by ChrisJohnRiley on October 31, 2011

I wasn’t lucky enough to make it to last years Hashdays conference, so I was both humbled and ecstatic to be selected to speak at the second edition taking place this past weekend. As this was my first time presenting at a “big time” security conference, it was both exciting and scary at the same [...]

Conference, Penetration Test, Security hashdays, sap

SAP OSExecute… not the buffer overflow you’re looking for!

1 Comment Posted by ChrisJohnRiley on October 25, 2011

So, it’s been a busy day already… and just as I’m about to get things under control a friend links me to a post on SecurityFocus discussing this new vulnerability in SAP Management Console. Imagine my surprise when I read about this new OSExecute exploit! So, before the proverbial sh*t hits the fan, here’s a [...]

Metasploit, Penetration Test, Security BID50348, OSExecute, sap

Upcoming presentation: Hashdays

Leave a Comment Posted by ChrisJohnRiley on October 19, 2011

Time flies when you’re knee-deep in SAP internals it seems… after almost a year of really ripping into SAP Management Console Web Services I’m finally giving a presentation on the topic at the upcoming Hashdays conference in Lucerne, Switzerland. The talk, entitled “SAP (in)security: Scrubbing SAP clean with SOAP” will cover some of my research on [...]

Conference, Metasploit, Penetration Test, Security hashdays, presentation, sap

{BruCON} Attacking SAP’s J2EE Engine

1 Comment Posted by ChrisJohnRiley on September 20, 2011

Attacking SAP’s J2EE Engine Alexander Polyakov and Dmitriy Chastuhin Nowadays SAP NetWeaver platform is the most widespread platform for developing enterprise business applications. It’s becoming popular security topic but still not covered well. This talk will be focused on one of the black holes called SAP J2EE engine. Some of the critical SAP products like [...]

Conference, Security J2EE, sap

← Older posts

Newer posts →

RSS feed

Well I know which sauce @joshcorman and I will NOT be having #PoorMonkey twitpic.com/9n92pr 3 days ago
[SuggestedReading] A closer look into the RSA SecureID software token goo.gl/fb/04gik 5 days ago
Headed on safari… if I'm not back in a few days, send food! #iTWebsec 5 days ago
[SuggestedReading] Web Application Penetration testing with Google Chrome Browser goo.gl/fb/XFqIK 6 days ago
[SuggestedReading] Weekly Metasploit Update: CCTV, SCADA, and More! goo.gl/fb/QBapj 6 days ago
RT @joshcorman: Not sitting w/ @ChrisJohnRiley anymore. Our table was referred to as the "slacker table in the back" for this workshop 6 days ago

The contents of this personal blog are solely my own opinions and comments, as such they do not reflect the opinions of my employer(s) past, present or future. No legal liability is accepted for anything you do, think, or consider fact as the basis of articles and links posted on this blog.

"Three to one...two...one...probability factor of one to one...we have normality, I repeat we have normality. Anything you still can’t cope with is therefore your own problem."

Note: A large portion of content I post on my blog comes from "live blogging" of security conferences. These posts are in notes form and are written live during a talk. As such errors and emissions are expected. I'm only human after all!

Cатсн²² (in)sесuяitу / ChrisJohnRiley

Tag Archives: sap

Hashdays 2011

SAP OSExecute… not the buffer overflow you’re looking for!

Upcoming presentation: Hashdays

{BruCON} Attacking SAP’s J2EE Engine

Recent Posts

Archives

@ChrisJohnRiley

Flickr Photos

Links

Disclaimer

Follow “Cатсн²² (in)sесuяitу / ChrisJohnRiley”