MartinPankraz/sap-hacker-in-a-day


SAP Hacker in a day workshop👾

Welcome to your red teaming hands-on lab experience! This repo gets you all set up to embark on your assigned epic quest. Excited yet?

Defenders often think in checklists to protect their SAP systems. Attackers think in graphs to exploit them.

Today you will be switching sides🦹🏻‍♂️.

Introduction

Anyone with a very basic understanding of SAP systems and security can participate in this workshop. The workshop is designed to be self-paced and can be completed in 4 hours. It is divided into multiple quests, each with a set of tasks that you need to complete.

This workshop gives you a glimpse into the world of a red teamer. You will learn how to exploit a vulnerable SAP system login and how to detect and respond to ever-evolving attacks.

Tip

The concepts applied in this hack can be re-used with other products and services. Microsoft Sentinel, Entra ID and Azure are merely used to demonstrate and deepen understanding through hands-on experience.

Important

This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of attack. The linked resources should be used only in legitimate penetration testing assignments or for educational purposes. The authors are not responsible for any misuse of the tools mentioned.

  • Familiarize yourself with the scenario using the provided PowerPoint deck.

Tip

🏆Finish the final quest, collect the pass phrase, and redeem it to claim your badge 😎

What else to expect

If you are lucky enough to have signed up for a guided experience with us, as with this DSAG event, we will provide the SAP system and the Microsoft + Azure environment for you.

If not, you will find the preliminary steps to set up the lab yourself here.

📌Buckle up and start your lab 👉here📌

⏱️⩇⩇:⩇⩇⩇⩇:⩇⩇

Recommended courses and further learning

Video of Defender XDR disrupting SAP attack in-flight

Microsoft Sentinel partnerships with SAP

Manipulation toolsets

📢Feedback

This repo encourages contributions and feedback via GitHub Issues.