At Troopers 14, JP and I gave a talk called "Anti-Forensics on SAP Systems". The talk focused on the methods attackers could use to hide their tracks on an SAP system. This blog post highlights one of the attacks we discussed.
In the previous post we discovered the SAP Services listening on each one of the open ports. Now we can execute Bizploit plug-ins to assess the security of these SAP services.
Let’s have a look at the Discovery and Vulnassess plug-ins available in Bizploit.