BH Eu 07 Nunez - Di - Croce WP Apr19 PDF

Загружено:

damtek

0% нашли этот документ полезным (0 голосов)

27 просмотров13 страниц

Оригинальное название

bh-eu-07-nunez_di_croce-WP-apr19.pdf

Авторское право

Доступные форматы

PDF, TXT или читайте онлайн в Scribd

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Пожаловаться на этот документ

Авторское право:

Доступные форматы

Скачайте в формате PDF, TXT или читайте онлайн в Scribd

Отметить как неприемлемый контент

0% нашли этот документ полезным (0 голосов)

27 просмотров13 страниц

BH Eu 07 Nunez - Di - Croce WP Apr19 PDF

Загружено:

damtek

Авторское право:

Доступные форматы

Скачайте в формате PDF, TXT или читайте онлайн в Scribd

Отметить как неприемлемый контент

Перейти к странице

Вы находитесь на странице: 1из 13

Поиск в документе

EXPLOITING SAP INTERNALS

A SECURITY ANALYSIS OF THE RFC INTERFACE IMPLEMENTATION

by Mariano Nuez Di Croce

[mnunez@cybsec.com]

March 8, 2007

Abstract
SAP security is still a dark world. Very little information can be
found on the Net and almost every question related to security
assessment of these applications remains unanswered. This paper
has the intention of bringing some light into that world, providing
the results of a security analysis performed over the SAP RFC
interface implementation.
SAP RFC interface is the heart of communications between SAP
systems, and between SAP and external software. Almost every
system that wants to interact with SAP systems does so using the
RFC interface. As stated by SAP: "The RFC library is the most
commonly used and installed component of existing SAP
software".
This paper describes vulnerabilities discovered in the RFC Library
and their security impact. Furthermore, advanced attacks,
exploiting default mis-configurations and design flaws in the
interface implementation, are presented and explained. Finally, it
provides solutions and suggested configurations to protect from
described attacks and vulnerabilities..

2007 Cybsec S.A. - All Rights Reserved

EXPLOITING SAP INTERNALS: A Security Analysis of the RFC Interface Implementation.

2007 CYBSEC Security Systems S.A. All rights Reserved. Page 1

EXPLOITING SAP INTERNALS: A Security Analysis of the RFC Interface Implementation.

2007 CYBSEC Security Systems S.A. All rights Reserved. Page 2

EXPLOITING SAP INTERNALS: A Security Analysis of the RFC Interface Implementation.

Вам также может понравиться

Fear: Trump in the White House
От Everand
Fear: Trump in the White House
Bob Woodward
Рейтинг: 3.5 из 5 звезд
3.5/5 (738)
A Man Called Ove: A Novel
От Everand
A Man Called Ove: A Novel
Fredrik Backman
Рейтинг: 4.5 из 5 звезд
4.5/5 (4609)
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
От Everand
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
Viet Thanh Nguyen
Рейтинг: 4.5 из 5 звезд
4.5/5 (121)
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
От Everand
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
Dave Eggers
Рейтинг: 3.5 из 5 звезд
3.5/5 (231)
Grit: The Power of Passion and Perseverance
От Everand
Grit: The Power of Passion and Perseverance
Angela Duckworth
Рейтинг: 4 из 5 звезд
4/5 (588)
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
От Everand
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
Gilbert King
Рейтинг: 4.5 из 5 звезд
4.5/5 (266)
Principles: Life and Work
От Everand
Principles: Life and Work
Ray Dalio
Рейтинг: 4 из 5 звезд
4/5 (599)
Never Split the Difference: Negotiating As If Your Life Depended On It
От Everand
Never Split the Difference: Negotiating As If Your Life Depended On It
Chris Voss
Рейтинг: 4.5 из 5 звезд
4.5/5 (838)
The Emperor of All Maladies: A Biography of Cancer
От Everand
The Emperor of All Maladies: A Biography of Cancer
Siddhartha Mukherjee
Рейтинг: 4.5 из 5 звезд
4.5/5 (271)
The Little Book of Hygge: Danish Secrets to Happy Living
От Everand
The Little Book of Hygge: Danish Secrets to Happy Living
Meik Wiking
Рейтинг: 3.5 из 5 звезд
3.5/5 (400)
Yes Please
От Everand
Yes Please
Amy Poehler
Рейтинг: 4 из 5 звезд
4/5 (1891)
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
От Everand
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
Mark Manson
Рейтинг: 4 из 5 звезд
4/5 (5794)
The World Is Flat 3.0: A Brief History of the Twenty-first Century
От Everand
The World Is Flat 3.0: A Brief History of the Twenty-first Century
Thomas L. Friedman
Рейтинг: 3.5 из 5 звезд
3.5/5 (2259)
The Glass Castle: A Memoir
От Everand
The Glass Castle: A Memoir
Jeannette Walls
Рейтинг: 4.5 из 5 звезд
4.5/5 (1713)
Shoe Dog: A Memoir by the Creator of Nike
От Everand
Shoe Dog: A Memoir by the Creator of Nike
Phil Knight
Рейтинг: 4.5 из 5 звезд
4.5/5 (537)
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
От Everand
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
Brené Brown
Рейтинг: 4 из 5 звезд
4/5 (1090)
John Adams
От Everand
John Adams
David McCullough
Рейтинг: 4.5 из 5 звезд
4.5/5 (2409)
A Tree Grows in Brooklyn
От Everand
A Tree Grows in Brooklyn
Betty Smith
Рейтинг: 4.5 из 5 звезд
4.5/5 (1929)
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
От Everand
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
Ben Horowitz
Рейтинг: 4.5 из 5 звезд
4.5/5 (344)
Team of Rivals: The Political Genius of Abraham Lincoln
От Everand
Team of Rivals: The Political Genius of Abraham Lincoln
Doris Kearns Goodwin
Рейтинг: 4.5 из 5 звезд
4.5/5 (234)
Her Body and Other Parties: Stories
От Everand
Her Body and Other Parties: Stories
Carmen Maria Machado
Рейтинг: 4 из 5 звезд
4/5 (821)
The Art of Racing in the Rain: A Novel
От Everand
The Art of Racing in the Rain: A Novel
Garth Stein
Рейтинг: 4 из 5 звезд
4/5 (4200)
Wolf Hall: A Novel
От Everand
Wolf Hall: A Novel
Hilary Mantel
Рейтинг: 4 из 5 звезд
4/5 (3811)
The Light Between Oceans: A Novel
От Everand
The Light Between Oceans: A Novel
M.L. Stedman
Рейтинг: 4.5 из 5 звезд
4.5/5 (789)
The Perks of Being a Wallflower
От Everand
The Perks of Being a Wallflower
Stephen Chbosky
Рейтинг: 4.5 из 5 звезд
4.5/5 (2104)
Rise of ISIS: A Threat We Can't Ignore
От Everand
Rise of ISIS: A Threat We Can't Ignore
Jay Sekulow
Рейтинг: 3.5 из 5 звезд
3.5/5 (137)
Angela's Ashes: A Memoir
От Everand
Angela's Ashes: A Memoir
Frank McCourt
Рейтинг: 4.5 из 5 звезд
4.5/5 (440)
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
От Everand
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
Margot Lee Shetterly
Рейтинг: 4 из 5 звезд
4/5 (895)
The Woman in Cabin 10
От Everand
The Woman in Cabin 10
Ruth Ware
Рейтинг: 3.5 из 5 звезд
3.5/5 (2322)
The Outsider: A Novel
От Everand
The Outsider: A Novel
Stephen King
Рейтинг: 4 из 5 звезд
4/5 (1839)
The Unwinding: An Inner History of the New America
От Everand
The Unwinding: An Inner History of the New America
George Packer
Рейтинг: 4 из 5 звезд
4/5 (45)
Little Women
От Everand
Little Women
Louisa May Alcott
Рейтинг: 4 из 5 звезд
4/5 (104)
Sing, Unburied, Sing: A Novel
От Everand
Sing, Unburied, Sing: A Novel
Jesmyn Ward
Рейтинг: 4 из 5 звезд
4/5 (1103)
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
От Everand
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
Ashlee Vance
Рейтинг: 4.5 из 5 звезд
4.5/5 (474)
On Fire: The (Burning) Case for a Green New Deal
От Everand
On Fire: The (Burning) Case for a Green New Deal
Naomi Klein
Рейтинг: 4 из 5 звезд
4/5 (74)
Brooklyn: A Novel
От Everand
Brooklyn: A Novel
Colm Toibin
Рейтинг: 3.5 из 5 звезд
3.5/5 (1937)
The Yellow House: A Memoir (2019 National Book Award Winner)
От Everand
The Yellow House: A Memoir (2019 National Book Award Winner)
Sarah M. Broom
Рейтинг: 4 из 5 звезд
4/5 (98)
The Constant Gardener: A Novel
От Everand
The Constant Gardener: A Novel
John le Carré
Рейтинг: 3.5 из 5 звезд
3.5/5 (104)
Forensic Readiness Checklist
Документ2 страницы
Forensic Readiness Checklist
damtek
100% (1)
Computer Forensics Processing Checklist PDF
Документ6 страниц
Computer Forensics Processing Checklist PDF
damtek
Оценок пока нет
Manhattan Beach: A Novel
От Everand
Manhattan Beach: A Novel
Jennifer Egan
Рейтинг: 3.5 из 5 звезд
3.5/5 (792)
Delta Airlines Style Guide 2009
Документ127 страниц
Delta Airlines Style Guide 2009
dktakahashi
25% (4)
Steve Jobs
От Everand
Steve Jobs
Walter Isaacson
Рейтинг: 4.5 из 5 звезд
4.5/5 (806)
1609608518cyber SecurityB
Документ337 страниц
1609608518cyber SecurityB
Juan Hoyos
Оценок пока нет
Bad Feminist: Essays
От Everand
Bad Feminist: Essays
Roxane Gay
Рейтинг: 4 из 5 звезд
4/5 (1016)
Delphix Basic Concepts
Документ46 страниц
Delphix Basic Concepts
saidi_m
100% (1)
Green Onions Booker T and The MG S Tablature Guitar Pro
Документ2 страницы
Green Onions Booker T and The MG S Tablature Guitar Pro
Louis G
Оценок пока нет
03 - 1000004452357 - 15429826 - 20141016 - 0 - Mohamad Nasrol Bin Mohamad Yusoff PDF
Документ5 страниц
03 - 1000004452357 - 15429826 - 20141016 - 0 - Mohamad Nasrol Bin Mohamad Yusoff PDF
Nasrol Yusoff
Оценок пока нет
Title: Informative Note
Документ4 страницы
Title: Informative Note
damtek
Оценок пока нет
Edp Attacked Through Ragnarlocker: Nota Informativa
Документ4 страницы
Edp Attacked Through Ragnarlocker: Nota Informativa
damtek
Оценок пока нет
Cognizant Maze Attack IOC's
Документ3 страницы
Cognizant Maze Attack IOC's
damtek
Оценок пока нет
Detection and Forensics On DNS Tunelling
Документ44 страницы
Detection and Forensics On DNS Tunelling
damtek
Оценок пока нет
Key Functionalities of A Modern Cyber Threat Intelligence Program - Jerry Caponera
Документ21 страница
Key Functionalities of A Modern Cyber Threat Intelligence Program - Jerry Caponera
damtek
Оценок пока нет
Implementation Framework-Cyber Threat Prioritization
Документ8 страниц
Implementation Framework-Cyber Threat Prioritization
damtek
Оценок пока нет
COBIT 5 Syllabus v3.1 PDF
Документ15 страниц
COBIT 5 Syllabus v3.1 PDF
damtek
Оценок пока нет
1771 Osmocombb-27c3
Документ41 страница
1771 Osmocombb-27c3
f2zubac
Оценок пока нет
NDX Flaigs
Документ38 страниц
NDX Flaigs
damtek
Оценок пока нет
Digital Library Initiatives-India
Документ9 страниц
Digital Library Initiatives-India
ICTD
100% (2)
Mikrotik Router - Drikict
Документ6 страниц
Mikrotik Router - Drikict
SarderMoinUdDin
Оценок пока нет
LAN Lab 1 Manual
Документ9 страниц
LAN Lab 1 Manual
salimmanzur
Оценок пока нет
TR 069 Amendment 4
Документ190 страниц
TR 069 Amendment 4
Andy Anupong
Оценок пока нет
Intel Paper On BANs
Документ16 страниц
Intel Paper On BANs
abhayabcdefg
Оценок пока нет
Risk Awareness2021
Документ14 страниц
Risk Awareness2021
Hans
Оценок пока нет
Computer Viruses and Worms
Документ27 страниц
Computer Viruses and Worms
Donnabelle Medina
Оценок пока нет
Manual of Ethernet Networking
Документ28 страниц
Manual of Ethernet Networking
nik_deshmukh
Оценок пока нет
The Marketing Mix - Promotion & Place
Документ20 страниц
The Marketing Mix - Promotion & Place
Kalsoom Soni
Оценок пока нет
<HTML Xmlns:Myspace="Http://x.myspacecdn.com/Modules/Sitesearch/Static/Rdf/Profileschema .Rdf#"><Head> <Meta Http-equiv="Content-type" Content="Text/HTML; Charset=UTF-8">
Документ21 страница
<HTML Xmlns:Myspace="Http://x.myspacecdn.com/Modules/Sitesearch/Static/Rdf/Profileschema .Rdf#"><Head> <Meta Http-equiv="Content-type" Content="Text/HTML; Charset=UTF-8">
anon_999744
Оценок пока нет
1.1 CompTIA Network+ Flash Cards Certcop
Документ248 страниц
1.1 CompTIA Network+ Flash Cards Certcop
amit_post2000
Оценок пока нет
MSBTEJuly2017newsletterFinal 031120171909
Документ16 страниц
MSBTEJuly2017newsletterFinal 031120171909
Sudershan Dolli
Оценок пока нет
Groovy Script
Документ4 страницы
Groovy Script
divya murugan
Оценок пока нет
Progeny LMS, LLC, Waiver of Two Multilateration LMS Rules - SkyTel Comments On Progeny Test Report - Technical Evaluation
Документ17 страниц
Progeny LMS, LLC, Waiver of Two Multilateration LMS Rules - SkyTel Comments On Progeny Test Report - Technical Evaluation
Skybridge Spectrum Foundation
Оценок пока нет
An Opportunistic Transmission Mechanism For Seamless Video Streaming in The MIMO-capable Wireless Ad Hoc Network
Документ5 страниц
An Opportunistic Transmission Mechanism For Seamless Video Streaming in The MIMO-capable Wireless Ad Hoc Network
ify
Оценок пока нет
VoicemeeterBanana UserManual
Документ49 страниц
VoicemeeterBanana UserManual
evert22
Оценок пока нет
q1 Week 1 Etech Powerpoint A
Документ28 страниц
q1 Week 1 Etech Powerpoint A
Mark Angelo Flores
Оценок пока нет
Question #1: Ans: B
Документ25 страниц
Question #1: Ans: B
Hiren Kumar
Оценок пока нет
MOST Bus
Документ3 страницы
MOST Bus
Mohsin Ahmad
Оценок пока нет
EVS5124S Datasheet 20220628
Документ3 страницы
EVS5124S Datasheet 20220628
allanalyticseproc
Оценок пока нет
Votex Profile April 2015
Документ23 страницы
Votex Profile April 2015
RahabGathoni
Оценок пока нет
MyLOFT User Guide - 2020 v6 (English) Webpp and Browser Extension
Документ16 страниц
MyLOFT User Guide - 2020 v6 (English) Webpp and Browser Extension
Ahmad Fahruddin
Оценок пока нет
DLOS8 LoRaWAN Gateway User Manual v1.2
Документ52 страницы
DLOS8 LoRaWAN Gateway User Manual v1.2
amin rusydi
Оценок пока нет
Timos 5.0 MC Lag PW Red
Документ127 страниц
Timos 5.0 MC Lag PW Red
josmurgo
Оценок пока нет