Sap
ITWeb Security Summit 2012
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from ITWeb in the planning of their annual Security Summit. A commercial conference is always (I suspect) a delicate balance between the different drivers from business, technology and ‘industry’, but this year’s event is definitely our best effort thus far. ITWeb has more than ever acknowledged the centrality of good, objective content and has worked closely with us as the Technical Committee and their various sponsors to strike the optimal balance. I don’t think we have it 100% right yet, and there are some improvements and initiatives that will unfortunately only manifest at next year’s event, but this year’s program (here and here) is nevertheless first class and comparable with almost anything else I’ve seen.
Systems Applications Proxy Pwnage
[2011/9/6 Edited to add Slideshare embed]
I am currently in London at the first ever 44con conference. It’s been a fantastic experience so far – excellent talks & friendly people.
Yesterday, I presented a paper titled “Systems Applications Proxy Pwnage” . The talk precis sums it up nicely:
It has been common knowledge for a number of years that SAP GUI communicates using an unencrypted and compressed protocol by default, and numerous papers have been published by security professionals and researchers dealing with decompressing this traffic.
Page 1 of 1