Explore a comprehensive conference talk from Ekoparty Security Conference 2019 that delves into exploiting Oracle E-Business Suite (EBS) for financial gain. Learn about two critical vulnerabilities discovered by security researchers Gaston Traberg and Martin Doyhenard: a Java Deserialization leading to SQL injection and an Arbitrary File Upload allowing OS command execution. Understand how attackers can leverage ERP systems to process fraudulent transactions and generate real cashable checks. Gain insights into the potential risks faced by medium to large organizations using ERP applications for sensitive business operations. Discover the intersection between technical exploitation and insider knowledge of financial systems, and witness a live demonstration of tricking a target system into printing an actual check.
Overview
Syllabus
Gaston Traberg & Martin Doyhenard - Pwning Oracle EBS for Real Profit - Ekoparty 2019
Taught by
Ekoparty Security Conference