SAP systems are running our most critical business processes. SAP security has been increasing over time due to SAP themselves pushing new and more secure products and default configurations with each release. Despite that, SAP systems are increasingly being targeted by attackers, with recent attacks being published in the mainstream news. SAP systems need to be ready for a Forensics analysis, so the big question is: Are your systems prepared to retain the attackers breadcrumbs in the event of an attack? In this talk, we will show novel techniques being used by attackers to avoid being detected during post attack forensic investigations. Vulnerabilities related to anti-forensic techniques will be presented together with their mitigation.
JP leads the Research teams that keeps Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing, and Standards.
Will Vandevanter is a Senior Security Researcher at Onapsis where he focuses on SAP and ERP security. He has discovered and helped SAP AG patch numerous critical vulnerabilities in SAP software and is a regular contributor to the Onapsis SAP Security In-Depth publication. Prior to Onapsis, Will was the Lead Penetration Tester at Rapid7. He has previously spoken at Defcon, OWASP AppSec, SOURCE Barcelona, and a number of other conferences. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science with a focus in Secure Software Engineering from James Madison University.