https://github.com/martinpankraz/sap-hacker-in-a-day
Content supporting the DSAG workshop "SAP hacker in a day" 3rd December 2024
azure entra-id hands-on-lab identity mfa-bypass red-teaming sap sap-hack security
- Host: GitHub
- URL: https://github.com/martinpankraz/sap-hacker-in-a-day
- Owner: MartinPankraz
- License: apache-2.0
- Created: 2024-06-21T13:49:45.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-09T11:46:42.000Z (6 months ago)
- Last Synced: 2025-06-15T02:39:57.108Z (4 months ago)
- Topics: azure, entra-id, hands-on-lab, identity, mfa-bypass, red-teaming, sap, sap-hack, security
- Language: Shell
- Homepage: https://dsagnet.de/event/sap-hacker-fur-einen-tag-virtuell
- Size: 21.8 MB
- Stars: 4
- Watchers: 5
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# SAP Hacker in a day workshop👾
Welcome to your **red teaming hands-on lab** experience! This repo gets you all set up to embark on your assigned epic quest. Excited yet?
```text
Defenders often think in check lists to protect their SAP systems. Attackers think in graphs to exploit them.
```

Today you will be switching sides🦹🏻‍♂️.
## Introduction
Anyone with a very basic understanding of SAP systems and security can participate in this workshop. The workshop is designed to be self-paced and can be completed in 4 hours. It is divided into multiple quests, each with a set of tasks that you need to complete.
This workshop gives you a glimpse into the world of a [red teamer](https://en.wikipedia.org/wiki/Red_team). You will learn how to exploit a vulnerable SAP system login and how to detect and respond to ever-evolving attacks.
> [!TIP]
> The concepts applied in this hack can be re-used with other products and services. Microsoft Sentinel, Entra ID and Azure are merely used to demonstrate and deepen understanding through hands-on experience.

> [!IMPORTANT]
> This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of attack. The linked resources should be used only in legitimate penetration testing assignments or for educational purposes. The authors are not responsible for any misuse of the tools mentioned.

* Familiarize yourself with the scenario using the provided [PowerPoint deck](misc/welcome.pptx).

> [!TIP]
> 🏆 Finish the final quest, collect the pass phrase, and redeem it to claim [your badge](https://dsagwsrgb4f3.z1.web.core.windows.net/) 😎

## What else to expect
If you are lucky enough to have signed up for a guided experience with us, such as [this DSAG event](https://dsagnet.de/event/sap-hacker-fur-einen-tag-virtuell), we will provide the SAP system and the Microsoft + Azure environment for you.
_If not, you will find the preliminary steps to set up the lab yourself [here](./student/README.md#fallback-for-unguided-workshops)._
## 📌Buckle up and start your lab [**👉here**](student/README.md)📌
## Recommended courses and further learning
* [Video of Defender XDR disrupting SAP attack in-flight](https://www.youtube.com/live/9sZshNf3kcE?feature=shared&t=554)
* [Incident Response Series: Chapter #1 Phishing and cookie stolen with Evilginx](https://www.youtube.com/watch?v=D4trW5YM9PM)
* [Sentinel for SAP - SOAR blog series with semi-automatic user block via Microsoft Teams](https://community.sap.com/t5/enterprise-resource-planning-blogs-by-members/from-zero-to-hero-security-coverage-with-microsoft-sentinel-for-your/ba-p/13561790)
* [SAP attack disrupt article](https://learn.microsoft.com/azure/sentinel/sap/deployment-attack-disrupt)
* [Securing Multi-Cloud Gen AI workloads](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/securing-multi-cloud-gen-ai-workloads-using-azure-native/ba-p/4222728)
* [Phish-resistant Multi-Factor Authentication](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-strengths)

## Microsoft Sentinel partnerships with SAP
* [SAP Enterprise Threat Detection, cloud edition](https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/sap-enterprise-threat-detection-cloud-edition-joins-forces-with-microsoft/ba-p/13942075)
* [SAP LogServ (RISE)](https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/announcing-limited-preview-of-sap-logserv-integration-with-microsoft/ba-p/13942180)

### Manipulation toolsets
* [Token Tactics](https://github.com/rvrsh3ll/TokenTactics)
* [Evilginx](https://help.evilginx.com/docs/intro)

## 📢Feedback
This repo encourages contributions and feedback via [GitHub Issues](https://github.com/MartinPankraz/sap-hacker-in-a-day/issues/new/choose).