SAP RCE - The Agent Who Spoke Too Much

Hack In The Box Security Conference via YouTube

Overview

The course teaches learners how to identify and exploit vulnerabilities in SAP Solution Manager (SOLMAN) and SAP SMDAgent. By the end of the course, students will be able to bypass authentication mechanisms, execute arbitrary OS commands, escalate privileges, and manipulate security reports within the SAP landscape. The course covers topics such as authentication bypass techniques, OS command whitelist bypass, privilege escalation, and tampering with security reports. The intended audience for this course includes cybersecurity professionals, SAP administrators, and individuals interested in SAP security. The teaching method includes demonstrations of attacks, explanations of vulnerabilities, and recommendations for securing SAP systems.

Syllabus

Intro
Introduction - Solman
Introduction - SMDAgent
Why? - First contact
Why? - SAP Secure Storage
Authentication bypass - P4 Service
Authentication bypass - Key
Authentication bypass - Timestamp token
Authentication bypass - Start time
Authentication bypass - Attack P4S
OS command injection
Tamper the SOLMAN Security Report
Recommendations
Conclusion

Taught by

Hack In The Box Security Conference
