Reverse Engineering ABAP Bytecode for Malware Analysis

March 22, 2017 (at 11:30 a.m.) in SAP Track

S/4 HANA is the next generation ERP business suite by SAP. It relies on ABAP as the core programming language. This talk will demonstrate how the ABAP compiler works, how an attacker can inject malicious bytecode, and how a defender can spot tampered business logic by looking at the bytecode.

A toolset supporting the analysis and disassembling of ABAP bytecode will be released together with the talk.

Hans-Christian Esperer

Hans-Christian "HC" Esperer joined the CodeProfiler Research Labs at Virtual Forge in 2012. His focus is on static code analysis, efficient parsing and analysis strategies for new SAP technologies. "HC" has participated in and organized various CTF challenges in the past, together with TU Darmstadt and RWTH Aachen. His focus there is on improving measurability of success by standardizing the CTF environment in such a way that skill of the partaking teams is directly seen in the CTF scoring, while individual prerequisites such as access to commercial debugging and memory analysis tools is minimized. "HC" has also written his own CTF scoring system which is available from his website.

Frederik Weidemann

Frederik Weidemann is Head of Consulting at Virtual Forge GmbH with a focus on SAP Security for eight years. He is co-author of the first book on ABAP Security "Sichere-ABAP Programmierung" by SAP Press and spoke at several SAP and Security related conferences like RSA, OWASP and DSAG. Frederik frequently teaches on secure ABAP programming (course WDESA3) at SAP University in Walldorf and on SAP security for Virtual Forge's customers. He also writes articles on SAP Security on a regular basis and has found numerous Zero Day defects in Business Software. Frederik holds a German Diploma in Computer Science and scored several Capture-The-Flag hacking contests first or second place during his time in university.

Twitter: @insert_report