HACKINAR – Workshop, Pen Test and Webinar in one day
A live attack on SAP systems, everyone is watching and helping? SAP system takeover by the afternoon? The new format of a quick pen test, a red team raid and a workshop. In addition, you get a quick security check of the SAP system free of charge.
SAP security, system checks and a workshop on attack vectors and vulnerabilities are combined here in a quick overall package. It doesn’t have to be dry facts, not a webinar showing signs of fatigue and also no scan behind closed doors.
Our experience with pen tests has shown that companies also like to take the opportunity of a pen test in order to further educate employees by supporting the pen test and to gain active insights into the security of their systems themselves. And it is always exciting to see how committed employees are to the hacks in the company.
That is why we developed the HACKINAR
We take a SAP scenario that comes from the real world. This is done together with you on your customer SAP development system. At every step, with every attempt to exploit a weak point, it is possible to discuss, inquire, learn or check what is already there.
No system was harmed during the workshop!
Don’t worry, the scenario is selected so that nothing is imported, copied or damaged. The systems are never endangered.
The whole hackinar can be done in today’s usual webinar format and carried out in two units in the morning and in the afternoon.
As a result, you will receive documentation that can also be given to management.
Curious about the details, excited about the live hack?
We start by dialing into the customer network via VPN and assume that we have been given access to a SAP development system. We are then an external developer contractor.
Here the first questions arise about VPN security, 2-factor authentication, etc., as is common today, with development authorization, as all other external parties in the company have.
The SAP developer will now try to introduce a defective code. We have our case with „Evildoer“, the customer’s own Trojan ABAP programs. Time to look at the security of the customer’s own code.
An attempt is now made to establish a connection to the productive system via SM59. The only thing missing is the productive user, password and SAP ALL authorization.
But not everything is revealed here.
The small day package includes any number of participants via web conference, the execution and moderation of the attack scenario and the answering of all questions live in the workshop. The preparatory work and coordination as well as a short, later debriefing for handing over the documentation are also included in the package.