Jackpotting Fortune-500 Treasuries

Hack In The Box Security Conference via YouTube

Overview

Explore critical vulnerabilities in Enterprise Resource Planning (ERP) systems and their potential for financial exploitation in this conference talk from the Hack In The Box Security Conference. Dive into the world of ERP post-exploitation, focusing on Oracle's ERP system, and discover how attackers could manipulate payment processes for substantial profits. Learn about two recently discovered vulnerabilities: an unsafe Java deserialization vulnerability (CVE-2020-2586) allowing unauthenticated database control, and a file upload vulnerability (CVE-2019-2775) enabling remote file uploads without authentication. Witness live demonstrations of altering payment processes and printing cashable checks without detection, highlighting the importance of understanding ERP security for protecting Fortune 500 companies' most critical financial assets.

Syllabus

Intro
About Presenters
Agenda: ERP systems and Financial applications
Motivation: Looking for profit?
ERP Systems: What is an Enterprise Resource Planning system?
Expectation
ERP as a Target
Oracle EBS
TCF Vulnerability
ERP Payments
E-Business Suite Payments
Wire Transfer Attack
E-Business Suite Payment module
Arbitrary File Upload
Uploading CGI Perl Script
E-Business Suite checks
E-Business Suite Payments module

Taught by

Hack In The Box Security Conference
