6th September ICYMI
*|IF:FNAME|*
Dear *|FNAME|*,
*|ELSE:|*
Hello
*|END:IF|*
We are announcing speakers each day on social media and the 44CON website. To make sure you don't miss out on any of the line-up, here are some speakers, talks and workshop announcements from last week:
- Talk:Joe FitzPatrick - 101 ways to brick your hardware
- Talk:Emil Tan - What it means to have the C word in the National Security agenda
- Talk:Rebekah Brown - The Frugal Girl’s Guide to Threat Intelligence
- Workshop: Steve Armstrong - Managing Incidents with CyberCPR
All of our talks, workshops and speakers can be found on the 44CON website.
Today's speakers: Juan Perez-Etchegoyen & Nahuel Sanchez
Today's speaker announcement is Juan Perez-Etchegoyen & Nahuel Sanchez with their talk: Attacks on SAP HANA platform
Companies nowadays are choosing between on-premise, cloud and hybrid deployment models. The common factor across all of these scenarios is the underlying platform, used in the background to run all on-premise and cloud-based applications developed by SAP. This platform is called SAP HANA, which is an in-memory database integrated with an application server that provides a new paradigm for vulnerabilities and risks, serving an increasing number of business applications, providing cutting edge features and overwhelming performance.
With the rise of IoT, many features and interfaces are integrated into SAP HANA and the HANA Cloud Platform, enabling it as a central point for IoT communications and making it an interesting target for anyone trying to access the information of several millions of devices across the world. Vulnerabilities affecting SAP HANA now have an increased attack surface, as these could be abused to compromise many diverse deployments and many customers, if the customers are not properly taking care of these risks.
Join us for this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks to our crown jewels, running on HANA.
Juan Perez-Etchegoyen leads the Product teams that keep Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing and Standards.
Nahuel D. Sanchez is a security researcher at Onapsis. Being a member of Onapsis Research Labs, his work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporters of vulnerabilities in SAP products and is a frequent author of the publication "SAP Security In-Depth". He previously worked as a security consultant, evaluating the security of Web applications and participating in Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.
Tickets are expected to sell out, so get yours while you can.
CTF
This year we are delighted to announce that the Ministry of Justice will be running the CTF and they have some great challenges in store for you! Make sure to stop by and see them.
Prison break - Season 6 coming soon!
Do you have what it takes to break into prison?
This year the 44CON CTF is being hosted by the Ministry of Justice. Your challenge is to release your friend by breaking into prison through a series of networking, web, infrastructure and other challenges.
We will host up to 20 teams of up to 5 people so, if you're new, grab someone, team up or go solo to win a drone kit!
Our platform is over IRC to make this accessible to as many hackers as possible. This is where you submit flags and unlock rooms. Each team will have their own virtual environment so you can use whichever tools you want but, remember, you can only bring your machine down if you play unfair. No DoSing us or other teams!
Are you ready for the challenge?
44CON Training Still Available
If you have some time before the conference, why not take one of our awesome training courses:
Today's speakers: Juan Perez-Etchegoyen & Nahuel Sanchez
Today's speaker announcement is Juan Perez-Etchegoyen & Nahuel Sanchez with their talk: Attacks on SAP HANA platform
Companies nowadays are choosing between on-premise, cloud and hybrid deployment models. The common factor across all of these scenarios is the underlying platform, used in the background to run all on-premise and cloud-based applications developed by SAP. This platform is called SAP HANA, which is an in-memory database integrated with an application server that provides a new paradigm for vulnerabilities and risks, serving an increasing number of business applications, providing cutting edge features and overwhelming performance.
With the rise of IoT, many features and interfaces are integrated into SAP HANA and the HANA Cloud Platform, enabling it as a central point for IoT communications and making it an interesting target for anyone trying to access the information of several millions of devices across the world. Vulnerabilities affecting SAP HANA now have an increased attack surface, as these could be abused to compromise many diverse deployments and many customers, if the customers are not properly taking care of these risks.
Join us for this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks to our crown jewels, running on HANA.
Juan Perez-Etchegoyen leads the Product teams that keep Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing and Standards.
Nahuel D. Sanchez is a security researcher at Onapsis. Being a member of Onapsis Research Labs, his work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporters of vulnerabilities in SAP products and is a frequent author of the publication "SAP Security In-Depth". He previously worked as a security consultant, evaluating the security of Web applications and participating in Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.
Tickets are expected to sell out, so get yours while you can.
CTF
This year we are delighted to announce that the Ministry of Justice will be running the CTF and they have some great challenges in store for you! Make sure to stop by and see them.
Prison break - Season 6 coming soon!
Do you have what it takes to break into prison?
This year the 44CON CTF is being hosted by the Ministry of Justice. Your challenge is to release your friend by breaking into prison through a series of networking, web, infrastructure and other challenges.
We will host up to 20 teams of up to 5 people so, if you're new, grab someone, team up or go solo to win a drone kit!
Our platform is over IRC to make this accessible to as many hackers as possible. This is where you submit flags and unlock rooms. Each team will have their own virtual environment so you can use whichever tools you want but, remember, you can only bring your machine down if you play unfair. No DoSing us or other teams!
Are you ready for the challenge?
44CON Training Still Available
If you have some time before the conference, why not take one of our awesome training courses:
- Applied Physical Attacks on Embedded Systems, Presented by Joe FitzPatrick
- The ARM Exploit Laboratory, Presented by Saumil Shah
- Mobile Application Hacker's Handbook: Live Edition, Presented by Dominic Chell, MDSec
- Web Application Hacker's Handbook, Presented by Marcus Pinto, MDSec
To find out more on these training courses, please visit our website. Training courses will be running from the 12-14th of September at our training venues.
Don't miss what's next. Subscribe to 44CON Announce: