| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Apr 2007 10:59:07 -0300 From: Mariano Nuñez Di Croce <mnunez@...sec.com> To: full-disclosure@...ts.grok.org.uk Subject: CYBSEC Release: SAP Security - Paper & Tool release I am proud to announce the release of a White-paper and an open-source tool, both addressing security of SAP R/3 systems. The paper describes vulnerabilities discovered in the SAP RFC interface implementation and library, as well as some attacks that can be performed over SAP systems. The tool, sapyto (v0.93), is the first public framework for carrying out Penetration Tests over SAP R/3 deployments. It is shipped with many plugins to test for vulnerabilities discovered in our research and also launch different types of attacks. You can find these resources at the following links: . Paper: http://www.cybsec.com/upload/CYBSEC-Whitepaper-Exploiting_SAP_Internals.pdf . sapyto: http://www.cybsec.com/vuln/tools/sapyto.tgz Don't hesitate to send me any comments/suggestions! Best Regards, -- ----------------------------------------- Mariano Nuñez Di Croce CYBSEC S.A. Security Systems Email: mnunez@...sec.com Tel/Fax: (54-11) 4371-4444 Web: http://www.cybsec.com PGP: http://www.cybsec.com/pgp/mnunez.txt ----------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists