Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

RedRays at Black Hat MEA 2023


📅 17:40, Wed, Nov 15
📍 Briefing Stage 4

At the Black Hat MEA conference, our team, including top experts, is set to take the stage. We invite you to join us and delve into the world of SAP security, where we will discuss the risks and threats associated with this system.

📢 In this session, we will explore the security vulnerabilities within the SAP system and the potential risks they pose to companies. The SAP system consists of various components, including SAP HANA, SAP Solman, SAP Cloud Connector, and SAP ME, which are customized to meet the specific requirements of each organization. While some companies utilize SAP’s cloud solutions alongside on-premise solutions, any vulnerabilities or misconfigurations within these components can jeopardize the entire SAP system. We will also delve into two distinct attack vectors that can be exploited to compromise the system’s security.

At the event, the attendees will get an opportunity to listen to the RedRays Lead Security Researcher, Vahagn Vardanian, who will share the findings of the investigation conducted by the RedRays Research and Development Center on the vulnerabilities of the SAP enterprise software.
During the presentation the Proof of Concepts of the following vulnerabilities CVE-2023-0012, CVE-2022-39802, CVE-2021-21480 discovered by our team will be published and other issues such as MS Defender Bypass, Decrypt SAP SSFS, and some SAP Misconfigurations will be discussed.
The vulnerabilities have been reported to SAP and have already been fixed.

🔍 What have we done? Our experts have conducted a thorough analysis of SAP vulnerabilities and will share the results of our research at this conference. You will learn about two unique attack vectors that can pose a threat to SAP system security.

Join us at Black Hat MEA and discover more about securing your company in the world of SAP. Our presentation will be a highlight of the conference, and we look forward to seeing you there!

More to explorer

SAP Security For All

RedRays Security Platform for Penetration testers and Bug hunters

The product package is specifically created for cyber security experts who have encountered SAP while participating in bug bounty programs.

RedRays Security Platform for SAP Consultants

The product package is designed for SAP consultants conducting security assessments of SAP ERP systems. We provide essential tools and resources to help professionals in this field conduct their work effectively.

RedRays Security Platform for Enterprises

The product package is specifically optimized to cater to the needs of both small/medium and large companies who are seeking to streamline the process of organizing a comprehensive security system for ERP systems.