Infosec In the City (IIC)
An Introduction to SAP Forensics — by Jordan Santarsieri
#IICSG2019 Conference Workshop Track
Day 1 (19 Jun 2019)
@ Breakout Room 3
SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employee payroll and benefits, managing logistics, managing suppliers and customers, material management, releasing payments to providers, credit card processing, and business intelligence, which makes it an ideal target for cyber-attacks.
This mini-workshop will start with a brief introduction to SAP (no previous SAP knowledge is required). You will learn about the SAP security logs: their default status, what information is available, how to activate and correctly configure them, and how to parse the different formats.
After we learn about the security logs, we will parse one of the security logs and trace a simulated incident together!
Brief Introduction to SAP
SAP Architecture and Services
SAP Security Audit Log
SAP and the "Other Logs"
Deep-Dive on the SAP Security Log. The technical way!
Dissecting the Log
Creating a Parser Live! (the Python way!)
Catching the bad guy