Fernando Russ

Senior Researcher

As a member of the Onapsis Research Labs team, his work focuses on searching for vulnerabilities and exploring new attack vectors in Business Critical Applications, such as SAP platforms, and related technologies. As a result of this work, Fernando has published several security advisories for critical vulnerabilities. With 10+ years in the computer security field, he has worked as a security researcher, penetration tester and software developer. He has also presented his work at several international events and conferences such as Ekoparty, CanSecWest, Pacsec and Hack.LU, as well as other academic conferences.

SKIP-TLS/FREAK Vulnerabilities and SAP Systems

A few days ago, an important set of bugs affecting the TLS/SSL protocol suites was published at https://www.smacktls.com/. These protocols are mainly used as the security layer underlying the HTTP(s) protocol, but many other protocols may be affected. The described vulnerabilities have received specific names: SKIP-TLS and FREAK.

SAP HANA post exploitation vectors

This week the Onapsis Research Labs released an advisory for a server-side code injection vulnerability in the SAP HANA integrated IDE. For more information about the SAP Note that fixes this issue, please refer to the Onapsis Research Labs advisory. To define a reasonable exploitation scenario, we will assume the following conditions are met by our testing landscape:
