Skip to content
View martingalloar's full-sized avatar
🇦🇷
🇦🇷
362 followers · 86 following

Achievements

Achievement: QuickdrawAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2

Achievements

Achievement: QuickdrawAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2

Organizations

@TandilSec

Block or report martingalloar

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
martingalloar/README.md

🙌 I'm Martin Gallo! Experienced information security professional and leader. Security, privacy, usability and diversity advocate.

👨🏾‍💻 Senior Product Manager at @HYPRCorp | 🙆 Founder and co-organizer at @TandilSec | 🕵️‍ Technical Comitte @ekoparty

Publications

This is my personal repository of publications and presentation at public conferences.

Conference Presentations

Conference Presentations

Presentation Title Conference Presentation Date
Recent Identity Threats and Trends: Lessons to improve Identity Security Identiverse 2021 June 2021
Hunting crypto secrets in SAP systems Troopers 18 March 2018
Intercepting SAP SNC-protected traffic Troopers 17 March 2017
Deep-dive into SAP archive file formats Troopers 16 March 2016
HoneySAP: Who really wants your money? Troopers 15 March 2015
SAP’s Network Protocols Revisited Troopers 14 March 2014
Uncovering SAP vulnerabilities - Reversing and breaking the Diag protocol BruCon 2012 September 2012
Uncovering SAP vulnerabilities - Reversing and breaking the Diag protocol Defcon 20 July 2012
Security Advisories

Security Advisories

Title CVEs Release Date
SAUTH-2020-0001 / SAP HANA SAML Assertion Improper Validation Vulnerability CVE-2020-26834, CVE-2021-21474 09/12/2020
CORE-2017-0011 / SAP Note Assistant Insecure Handling of SAP Notes Signature Vulnerability CVE-2017-16691 30/11/2017
CORE-2017-0001 / SAP SAPCAR Heap Based Buffer Overflow Vulnerability CVE-2017-8852 10/05/2017
CORE-2016-0006 / SAP CAR Multiple Vulnerabilities CVE-2016-5845, CVE-2016-5847 10/08/2016
CORE-2016-0004 / SAP Download Manager Password Weak Encryption CVE-2016-3685, CVE-2016-3684 09/03/2016
CORE-2015-0010 / Sendio ESP Information Disclosure Vulnerability CVE-2014-0999, CVE-2014-8391 22/05/2015
CORE-2015-0009 / SAP LZC/LZH Compression Multiple Vulnerabilities CVE-2015-2282, CVE-2015-2278 12/05/2015
CORE-2014-0007 / SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability CVE-2014-0995 15/10/2014
CORE-2014-0003 / SAP Router Password Timing Attack CVE-2014-0984 15/04/2014
CORE-2012-1128 / SAP Netweaver Message Server Multiple Vulnerabilities CVE-2013-1592, CVE-2013-1593 13/02/2013
CORE-2012-0123 / SAP Netweaver Dispatcher Multiple Vulnerabilities CVE-2012-2611, CVE-2012-2612, CVE-2012-2511, CVE-2012-2512, CVE-2012-2513, CVE-2012-2514 08/05/2012

Pinned Loading

  1. OWASP/pysap OWASP/pysap Public

    pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

    Python 220 61

  2. OWASP/HoneySAP OWASP/HoneySAP Public

    HoneySAP: SAP Low-interaction research honeypot

    Python 49 23