SAP systems use custom archive file formats in several different places, such as for distributing software components and in the code transport mechanism. While the compression algorithms used by SAP have been known for a few years, they only recently became the target of security analysis. Additionally, the file formats are proprietary and there is not much information about how to properly interpret such files.
This talk will shed some light on the compression algorithms and the CAR and SAR file formats, while also demonstrating some potential attack vectors involving this type of file. Moreover, we'll discuss how to dissect and examine these files for both offensive and defensive purposes, using an open source Python library.
Martin Gallo is a Penetration Testing SME at Core Security, where he applies his experience in penetration testing, code reviews and vulnerability hunting to the continuous improvement of the company's services and products. His research interests include enterprise software security, vulnerability research, threat modeling and reverse engineering. Martin has given talks at the Troopers, Brucon and Defcon conferences.