Several security challenges have taken place during the FIC 2018 event. Thanks to all organizers, authors and sponsors related to there challenges. Here are some several write-ups of night and …
GreHack 2017 – Write Up Forensic 400
GreHack is a french security event which takes place for its 4th edition in Grenoble, on 17th November 2017. https://grehack.fr/ The CTF takes place from Friday 9:30 PM to Saturday …
SAP backward compatibility and spoofing users !
Version Française From older SAP R/3 to the recent SAP Netweaver ABAP system, SAP username and password are stored encrypted directly in database. Fortunately, encryption mechanisms have evolved since 90’s …
The security of ‘SAP Secure Storage’
Version Française What is SAP Secure Storage ? The SAP Secure Store is a SAP component allowing the encrypted storage of sensitive data that SAP application requires for remote login …
Does only one mail could DoS your SAP System ? And more…
Version Française Almost all SAP Netweaver versions natively support SMTP (Simple Mail Transfer Protocol), this enables e-mail exchange between the SAP system and other mail server, without using external components. …
Malware… the entry point could be your SAP System
Version Française Security researchers, from ERPScan, discover a vulnerability on SAP Gui and disclose it during last Troopers Conference. The vulnerability doesn’t impact directly the SAP System but the client …