BSides London 2025

On the offensive side, we frequently focus on web applications, Active Directory, and cloud environments, while overlooking SAP - a platform at the core of large enterprise operations. This isn’t because SAP is less important in terms of network security, but because its complexity and steep learning curve often keep it out of scope. For attackers, it creates an attractive target that can lead directly to sensitive business data and full network compromise if configured improperly.

This talk will show how an attacker can compromise SAP without needing to be an SAP expert. I'll demonstrate how common misconfigurations and weak controls allow adversaries to move from initial access to complete control.

This talk will cover:

• Recon: How attackers identify and map exposed SAP components.
• Initial Access: Common weaknesses and misconfigurations allowing initial compromise.
• Credential Attacks: Techniques for obtaining and leveraging SAP credentials to deepen access.
• Privilege Escalation: Expanding control through over-privileged accounts and roles.
• Impact: Examples of what attackers can achieve once inside, from extracting sensitive data to expanding their foothold outside the SAP system.

The session is designed to be accessible to those unfamiliar with SAP while offering practical insight for offensive and defensive security professionals