RedRays

RedRays Security Platform, Penetration Testing and Vulnerability Assessment

Hybrid SAP Penetration Testing by RedRays 08/07/2024

🚀 Exciting News from RedRays! 🚀

We're thrilled to introduce our innovative Hybrid SAP Pentest service, revolutionizing the way SAP security assessments are conducted.

🔍 What is Hybrid SAP Pentest? It's a groundbreaking approach that combines our advanced automated scanning technology with expert human analysis, offering unparalleled depth and efficiency in SAP security testing.

🌟 Key Benefits:
- Faster vulnerability detection
- More comprehensive coverage
- Expert insights from SAP security specialists
- Actionable recommendations for remediation

Whether you're a pentesting company looking to enhance your SAP offerings, or an organization seeking to bolster your SAP security, our Hybrid SAP Pentest service is designed to meet your needs.

Want to learn more about how we can elevate your SAP security testing?
👉 Visit https://redrays.io/hybrid-sap-pentetration-testing-service for details or contact us for a free consultation.


Hybrid SAP Penetration Testing by RedRays Elevate your SAP security with RedRays' Hybrid SAP Pentest. Combine automated scanning with expert analysis for efficient, comprehensive vulnerability detection and actionable insights.

Secure Your SAP BTP Applications: A Guide to Protecting Your Business in the Cloud 02/05/2024

🔒 Secure your SAP BTP applications with SAP SE's upcoming event!

Join us on May 7-8 to explore critical aspects of SAP BTP security, including shared responsibility, OWASP Top 10 vulnerabilities, proactive security measures, and best practices for development. Learn from industry experts and discover how to protect your business in the cloud. Book your seat now!

https://redrays.io/blog/sap-btp-security-event/

Secure Your SAP BTP Applications: A Guide to Protecting Your Business in the Cloud Join SAP SE's event on May 7-8 organized by RedRays to delve into SAP BTP security, focusing on custom applications. Learn about shared responsibility, OWASP Top 10 vulnerabilities, proactive security measures, best practices for development, and the importance of security testing. Gain insights int...

SAP Penetration Testing by Whitebox and Blackbox Method using RedRays Security Platform 11/03/2024

Hey SAP Security Users! 👋

🚀 We have just released a video exploring the functionalities of our Platform scanning SAP systems to detect vulnerabilities in just 5 minutes. Our platform can be used for white-box 📦 and black-box 🖤 penetration testing and threat modeling.

SAP Penetration Testing by Whitebox and Blackbox Method using RedRays Security Platform The video "SAP Penetration Testing by Whitebox and Blackbox Method using RedRays Security Platform" provides a practical approach to securing SAP systems usi...

04/03/2024

Exploring the World of ERP Systems and Cybersecurity with Vahagn Vardanian: Our partner's TUMO Labs Journey

We sat down with Vahagn Vardanian, the CTO and co-founder of RedRays, our project partner. Back in 2023, TUMO Labs and RedRays joined forces for a project centered around ERP systems, software that organizations use to manage day-to-day business activities such as accounting, procurement, project management, and more. Students get to work with Vahagn to gain hands-on experience in Java and Python application analysis, vulnerability detection, and using security tools.

“We work with big institutions abroad that use ERP software and provide cybersecurity testing and audits for them. In the past 15 years, I’ve been in cybersecurity, there is no ERP software that we haven’t been able to crack. Though seemingly minor, these vulnerabilities in the software can snowball into significant issues for companies down the line,” Vahagn shared.

This collaboration was especially important to us because the project is the first of its kind to get into the intricacies of cybersecurity. When asked about how students at TUMO Labs stand out, he remarked, “The students I’ve worked with impress me with their dedication to going above and beyond. We meet twice a week for the project and every time we do, the students have researched more topics than I had originally prepared for them. I also find that their mentality is just different, they’re flexible in how they think and don’t set boundaries or standards for themselves.”

Thank you, Vahagn, for all that you do!

TUMO Labs is powered by the European Union in Armenia 🇪🇺

SAP Security Patch Day - January 2024 15/02/2024

SAP Security Patch Day - February 2024
Contact Us and don't miss the opportunity to access private analytics with the detailed Proof of Concepts of vulnerabilities.

SAP Security Patch Day - January 2024 The SAP Security Patch Day for February 2024 released 15 new SAP notes targeting 15 vulnerabilities, including critical security patches for various SAP components. The update addressed vulnerabilities such as code injection in SAP ABA and XSS vulnerabilities in NetWeaver AS Java.

Is Your SAP Cloud Connector Safe? The Risk You Can't Ignore 30/01/2024

🚨 Essential Security Alert for SAP Cloud Connector Users 🚨

Our latest blog post delves into the critical security aspects of SAP Cloud Connector, focusing on the risks associated with its use, especially on Windows platforms.

This article is for anyone responsible for safeguarding SAP systems. Stay informed and ensure the security of your infrastructure. Read our full analysis here: https://redrays.io/blog/sap-cloud-connector-security/

Is Your SAP Cloud Connector Safe? The Risk You Can't Ignore Learn how to enhance the security of your SAP Cloud Connector (SAP CC) deployment on Windows. Discover essential role management strategies, mitigate security risks, and gain insights into securing your SAP infrastructure. Explore best practices to protect valuable data and system resources with our...

26/01/2024

We are excited to reveal the prototype of our innovative RedRays Security Platform, created with great attention to detail in Figma (link to Prototype below on this post). This prototype provides a glimpse into the key features and user interface of our platform, giving you an idea of what our final product will offer.

The RedRays Security Platform is a comprehensive solution designed to strengthen the security of SAP systems. Developed by seasoned SAP security experts, this platform is a complete set of tools for protecting your SAP systems against a wide range of threats.

Here are some of the notable features:

- Automatic SAP Services Detection: Simplifies the security management process by automatically identifying SAP services.

- Vulnerability Assessment: Conducts thorough assessments to identify and address potential vulnerabilities.

- Vulnerability Management: Provides robust tools for effectively managing system vulnerabilities that have been detected.

- Threat Modeling: Helps analyze and understand potential system threats.

- Missing Configuration Checks and Outdated Components Check: Ensures system integrity by checking for missing configurations and outdated components.

- Passwords Security Module: Enhances system security through advanced password management.

- SAP Security Notes Check: This critical module checks whether the latest SAP Security Notes are installed on SAP ABAP systems, ensuring protection against known vulnerabilities is up-to-date.

https://www.figma.com/proto/dOJIeJDoB3o5bvUF8H64xW/RedRays-Security-Platform-Online-Demo?type=design&node-id=59-169&t=A900YbkhYjQBd81N-0&scaling=scale-down-width&page-id=0%3A1&starting-point-node-id=59%3A169

Advisory for SAP Security Note 3022622 - [CVE-2021-21480][PoC] 18/12/2023

We have just published detailed information about the CVE-2021-21480 vulnerability, which we presented at BlackHat MEA 23.

For an in-depth analysis of the vulnerability and a Proof of Concept (PoC), please visit our blog:

Advisory for SAP Security Note 3022622 - [CVE-2021-21480][PoC] Discover the critical security vulnerability in SAP NetWeaver AS Java (versions 15.1/15.4) that allows remote command execution, posing a significant threat to the integrity, confidentiality, and availability of your SAP MII application. Exploitable through malicious JSP code injection via Self Serv...

SAP Security Patch Day - December 2023 13/12/2023

This month, SAP fixed 16 vulnerabilities in its software, including one in SAP Cloud Connector that was discovered by RedRays R&D.

Check our blog post for more information
https://redrays.io/blog/sap-security-patch-day-december-2023/

SAP Security Patch Day - December 2023 Stay informed about SAP's commitment to cybersecurity with the latest security patches release on December 12, 2023. Learn about critical vulnerabilities addressed and their impact. Plus, don't miss the update on a crucial security fix for SAP Cloud Connector.

Dive into SAP security with top experts at Black Hat MEA. Learn about vulnerabilities, risks, and unique attack vectors. Discover RedRays' findings and secure your company in the SAP world. Join us on Nov 15 at 17:40, Briefing Stage 4. 08/11/2023

📣📣📣 Meet us at the biggest security event of 2023, Black Hat MEA. We will share the findings of the investigation conducted by the RedRays R&D Team, which makes it possible to jump from ON-PREMISES TO CLOUD.

Dive into SAP security with top experts at Black Hat MEA. Learn about vulnerabilities, risks, and unique attack vectors. Discover RedRays' findings and secure your company in the SAP world. Join us on Nov 15 at 17:40, Briefing Stage 4. RedRays at Black Hat MEA 2023

18/10/2023

TUMO Labs and RedRays have a new free-of-charge project on ERP system security and cybersecurity for anyone 18 and over. RedRays specializes in securing ERP systems against external threats and internal fraud. Project participants will gain hands-on experience in Java and Python apps, security tools, and safeguarding ERP systems.

Apply by November 1st to join: https://tumolabs.am/en/security-for-erp/

TUMO Labs is powered by the European Union in Armenia 🇪🇺

16/10/2023

RedRays, in addition to speaking at Black Hat, will be part of the jury in the startup competition. Teams of young startups will compete for a prize of up to $100,000 in several categories.

You can see more details here https://blackhatmea.com/black-hat-mea-cyberseed

Hack in Paris on LinkedIn: #hip23 #cybersecurity #sysdream 01/10/2023

💥 Meet the RedRays Team presenting at Hack In Paris a journey of SAP landscape compromise, which makes it possible to jump from on-premises to a cloud environment.
Credits: Vahagn Vardanyan , Arpi Maghakyan

Hack in Paris on LinkedIn: #hip23 #cybersecurity #sysdream 📢For this second afternoon talk, main SAP security issues CVEs were presented- "Since 2021 more than 50 0-days have been discovered" - thank you Arpine…

SAP Security: Vulnerability Analysis By RedRays 22/08/2023

🔍 RedRays' latest investigation of SAP security has uncovered critical vulnerabilities 🚨 that have gone unpatched for at least a year across 10,000 IP addresses.

Check out our latest blog post https://lnkd.in/e54eEVqb

https://redrays.io/sap-security-vulnerability-analysis-by-redrays/

SAP Security: Vulnerability Analysis By RedRays RedRays' comprehensive SAP security analysis reveals critical vulnerabilities across 10,000 public IP addresses. Discover the severity distribution, insights into the most pressing vulnerabilities, and RedRays' innovative, accessible solutions for SAP security.

Armenian RedRays will make cybersecurity solutions accessible together with AWS 27/07/2023

Dear iTel.am - Advanced Armenia, thank you for the coverage ☺️

26/07/2023

At RedRays, we take pride in our ability to customize our services to meet your specific needs. 🙌 This is one of our key competitive advantages! 💪 Our team of exceptional developers and researchers have the expertise and skills to make it happen. 👨‍💻👩‍💻

We recently incorporated ServiceNow ITSM integration, thanks to your valuable feedback. 🙏 Our dedicated team worked tirelessly for just a few days to make it seamless. 👏 Great job, team! 💯 As a result, our customers can now export discovered vulnerabilities to Jira and/or ServiceNow ITSM. 🚀

We believe in innovation, teamwork, and success. 💡🤝🏆


RedRays on LinkedIn: #sapsecurity #sapcloud 18/07/2023

We have completed integration with the SAP Cloud Connector and can now detect all vulnerabilities in SAP CC.

👀 During development, we discovered some issues in SAP CC, which we will report to SAP. 📝

RedRays on LinkedIn: #sapsecurity #sapcloud The RedRays Security Platform is currently able to detect any vulnerabilities present in the SAP Cloud Connector. 💯

AWS Marketplace: RedRays Security Platform for SAP Systems 14/07/2023

🎉🎉🎉Here we go, RedRays Security Platform for SAP systems on the AWS Marketplace

https://lnkd.in/e2eNWCxA

P.S. More information about the project by RR is coming soon 😊

AWS Marketplace: RedRays Security Platform for SAP Systems RedRays Security Platform for SAP Systems By: RedRays Security Platform Latest Version: v1.0.5 The RedRays Security Platform is a comprehensive solution designed to enhance the security of SAP systems. Developed by experts with over a decade of experience in SAP security, this platform provides an a...

SAP Security Patch Day – July 2023 13/07/2023

Today is the day for SAP Security Patch updates.
🔒 Stay informed and protect your system by checking out our latest blog post for more information. 🔍

Click the link below to access the article. 👇
https://lnkd.in/eFwjK3Mx

SAP Security Patch Day – July 2023 Explore the detailed overview of SAP Security Patch Day for July 2023. This blog post provides insights into new and updated security patches, vulnerabilities addressed, CVSS scores, and priority levels. Special attention is given to high priority corrections affecting SAP Business Client, SAP ECC a...

Photos from RedRays's post 11/07/2023

We are glad to announce that RedRays, a top provider of SAP security solutions, has expanded its support to include SAP Business One and SAP Business Objects systems. 🎉

The RedRays Security Platform is an innovative tool designed to enhance the security of SAP systems. 🔒

With the addition of SAP Business One and SAP Business Objects to our supported systems, we further strengthen our commitment to providing robust and comprehensive security solutions for SAP environments. 💪

Press release: RedRays discovered major cybersecurity leak affects 4800 domains 05/06/2023

🔒 Breaking News: RedRays Uncovers Alarming Information Leak🔒

RedRays, a leading cybersecurity provider, has made a disturbing discovery regarding an information leak. Our investigation has revealed concerning statistics about the leak's reach across various domains and systems. Learn more about the leak and its impact here:

https://redrays.io/redrays-discover-major-cybersecurity-leak-affects-4800-domains/

Press release: RedRays discovered major cybersecurity leak affects 4800 domains RedRays uncovers major breach: 4,800+ domains affected, including top crypto exchanges, Google accounts, and government entities. 2,000+ impacted enterprise software users and over 100 banks. Urgent action needed to strengthen cybersecurity defenses. RedRays collaborates with Cipher. Stay protected....

[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI 01/06/2023

🔐🚨 Vulnerability Advisory 🚨🔐

We've recently conducted a deep-dive analysis of a critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure.

This vulnerability, affecting SAP NetWeaver Development Infrastructure Component Build Service versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, allows attackers with server access to execute proxy attacks, potentially compromising sensitive server data.

Our team at RedRays is committed to providing comprehensive and detailed insights into various cybersecurity threats and vulnerabilities. We believe in empowering our community with knowledge to enhance their cybersecurity posture.

For a detailed understanding of this vulnerability and its implications, visit our advisory: https://redrays.io/cve-2021-33690-server-side-request-forgery-vulnerability/

[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI Explore the critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure, affecting versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. This vulnerability allows attackers with server access to execute proxy attacks, potentially compromising sen...

31/05/2023

Dear Network, 👋

We're reaching out to share an urgent matter 🚨 that RedRays has recently identified. Rigorous internet data monitoring and analysis 📊 have uncovered significant breaches involving user logins and passwords 🔐 of more than 110 SAP customers, now circulating on the black market.

The origin of these user credentials is unknown, but a large-scale phishing attack 🎣 could potentially be the source. This situation poses serious security risks, potentially affecting business continuity 🔄 and data integrity 📈 for numerous SAP customers.

Upon discovering this issue, RedRays immediately contacted SAP's Security Team 🤝 to alert them. RedRays is working closely with SAP to ensure the affected SAP users are notified promptly and necessary measures are taken to mitigate the impact of these leaks 💻.

Several companies have already confirmed that the leaked login/password combinations are indeed valid ✅, emphasizing the severity of the issue.

RedRays understands that protecting the security and integrity of SAP systems is of utmost importance and stands ready to provide all necessary information and assistance in this regard 🛡.

Updates on any major developments 📣 will be provided. We appreciate your attention to this critical issue and encourage you to share this message with any SAP users in your network 🔄.

GitHub - redrays-io/SAP_Cloud_Connector_SSFS_Decryption: A PoC of decryption the SAP Cloud Connector SSFS 23/05/2023

🔓 Exciting news from RedRays! We have just published a new repository - a Decryption Tool designed specifically for SAP Cloud Connector SSFS.

The tool conveniently decrypts SSFS property values, all without the necessity to reverse-engineer the algorithm. Our Proof of Concept (PoC) is ready to be implemented.

https://github.com/redrays-io/SAP_Cloud_Connector_SSFS_Decryption

GitHub - redrays-io/SAP_Cloud_Connector_SSFS_Decryption: A PoC of decryption the SAP Cloud Connector SSFS A PoC of decryption the SAP Cloud Connector SSFS. Contribute to redrays-io/SAP_Cloud_Connector_SSFS_Decryption development by creating an account on GitHub.

AI-powered Password Testing for ABAP stack | SAP Blogs 11/05/2023

📢 Exciting news!

🚀 We are thrilled to release the newest addition to the RedRays Security Platform: an advanced password security module for ABAP that harnesses the power of AI technology. Head over to our blog to discover more about this groundbreaking development. 👉✨

AI-powered Password Testing for ABAP stack | SAP Blogs Greetings, I am glad to inform you about a significant development in the RedRays Security Platform for the ABAP stack. We have created a new module that effectively deals with the pressing concern of password

02/05/2023

🎉 Just around two weeks left until the NorthSec conference in Montreal, Canada🍁, where our CEO Arpi Maghakyan and CTO Vahagn Vardanyan will be presenting on SAP vulnerabilities 🔒. Excited to share our insights and findings with the community! 👨‍💻👩‍💻

TUMO Labs on LinkedIn: RedRays helps companies like SAP, Oracle, and Microsoft ERP protect their… 02/03/2023

We are pleased to contribute to the significant mission and culture of TUMO Labs.

TUMO Labs on LinkedIn: RedRays helps companies like SAP, Oracle, and Microsoft ERP protect their… RedRays helps companies like SAP, Oracle, and Microsoft ERP protect their systems from cyberattacks. It also helps TUMO Labs students master cybersecurity. In…

RedRays on LinkedIn: #training #sap #cybersec #tumo #geeks 02/03/2023

📚 Sharing experience and knowledge is critical in our field. Thanks, Vahagn Vardanyan.



https://www.linkedin.com/posts/redrays_redrays-helps-companies-like-sap-oracle-activity-7037030181462495232-jFkF

RedRays on LinkedIn: #training #sap #cybersec #tumo #geeks Proud to be a part of the great culture of TUMO Labs 😌 Credits: Vaagn Vardanian

RedRays Offers Support to Startups Listing on SAP Store 26/02/2023

🚨 Exciting news alert! 🚨

RedRays is pleased to announce that it is ready to provide support to startups that are starting to list on the SAP Store. As a partner of SAP, RedRays will be assisting these startups in building secure products and providing secure services.

We are thrilled to be able to support other startups in their journey towards success. With our experience, knowledge, and resources, we can make a meaningful contribution to the growth and development of these startups. 💪💼

If you are a startup looking for help with information security or need assistance with system protection and product development, don't hesitate to contact us.

We would be happy to help! 🤝


RedRays Offers Support to Startups Listing on SAP Store RedRays, a startup that was founded in January 2021, is pleased to announce that it will be providing support to startups that are starting to list on the SAP Store. As a partner of SAP, RedRays will be assisting these startups in building secure products and providing secure services.

RedRays on LinkedIn: #sap #security 17/02/2023

Exciting news from our Team 💥💥💥 Join us at the NorthSec, and let's dig into Credits: Vahagn Vardanyan and Arpi Maghakyan

https://www.linkedin.com/feed/update/urn:li:activity:7032345740983074816

RedRays on LinkedIn: #sap #security Exciting update 💥 Join us at the NorthSec, and let's dig into Credits: Vahagn Vardanyan and Arpine Maghakyan