Confidence - (28-29.05 2013 Krakow)

Evgeny Neyolov


Evgeny Neyolov is an IT security analyst at ERPScan.
His key research interests include enterprise business application security, cybercrime analysis, forensics and anti-forensics, e-commerce security and anti-fraud systems.
He has spoken at international hacker conferences (SyScan, Nullcon), with talks about cybercrime and the analysis of anti-fraud bypasses in online gambling systems.

Evgeny has acknowledgements for discovered vulnerabilities from Microsoft, SAP and others. He is also an organizer of the ZeroNights hacker conference and of the Russian Defcon Group.

Presentation topic:
Breaking, Forensicating and Anti-Forensicating SAP Portal and J2EE Engine

Evgeny Neyolov, Dmitriy Chastuchin

Presentation language:

One of the most critical SAP applications in terms of cyber attacks is SAP Portal, which is based on the J2EE engine: it is usually available from the Internet and provides access and connections to other internal SAP and legacy systems. It is necessary to increase awareness in this area, especially after the Anonymous attack on the Greek government, in which an SAP 0-day vulnerability was probably used. But are you sure that your system has not been compromised?

SCADA attacks are mostly focused on sabotage, which is easy to recognize, and attacks on financial systems such as banking are focused on stealing money. For SAP, the most critical attack is probably espionage, and it is hard to tell whether espionage has taken place because there is no direct evidence of compromise except logs.

In this talk, the security architecture of the Portal itself and of custom applications like iViews will be reviewed, and we will demonstrate how SAP Portal can be attacked. The main focus of the talk, however, will be forensics: finding attack patterns in log traces and other places to understand whether it is possible to completely reverse complex attack patterns. Finally, we will look at how an attacker can try to hide their attacks and how it is possible to deal with that.

There have been a lot of talks covering attacks, but now we will move on to understanding how to deal with them in the cybercrime era.