Chained to Hit: Discovering New Vectors to Gain Remote and Root Access in SAP Enterprise Software

At the core of every business on the planet there will always be a mission critical application system. Commonly, organizations overlook their security which is dangerous and results in putting the business at high risk.

During 2022, multiple month-lasting research projects were kicked off as part of the Onapsis Offensive Research labs. Even though each project had its own crucial results, no one expected that a combination of them would end up in critical chains of exploitation.

This presentation will begin with the analysis of "P4", a proprietary protocol based on RMI, which is uncommonly exposed to public or untrusted networks and thus, making it unreachable from the Internet. Not only will critical vulnerabilities be shared, but most importantly the tactics and techniques used to unveil them....

By: Pablo Artuso , Yvan Genuer iggy

Full Abstract and Presentation Materials:
https://www.blackhat.com/us-23/briefi...