Research

• Managing Risks and Attack Paths in Business Applications
• Leveraging AI and Machine Learning for Threat Detection
• SAP Forensics
• Designing Secure Financial Infrastructures
• Automating Information Security Decision Making Using Artificial Intelligence

Conferences/Talks

• 11.11.2024 European Commission – CERT-EU (Brussels, Belgium) Protecting Europe’s mission-critical processes:
  Leveraging Al for real-world incident response
• 06.11.2019 European Commission – CERT-EU (Brussels, Belgium) Detecting Attacks on Business Applications Using Machine Learning and AI
• 05.09.2018 European Commission – CERT-EU (Brussels, Belgium) Hacking the Government Through Business Processes
• 27.01.2017 European Commission (Brussels, Belgium) Protecting vulnerability disclosure
• 21.09.2016 SAP German User Group Annual Congress (DSAG) (Nürnberg, Germany) How to steal a million dollars and get away with it
• 16.09.2015 GCC Cyber Security Summit (Abu Dhabi, U.A.E.) Protecting your business from Cyber Attacks
• 04.09.2015 HP Protect (Washington D.C., U.S.) SAP Security: How to steal a million dollars and get away with it
• 08.06.2015 Hack In Paris (Paris, France) SAP Security: Attacks to Business Processes
• 06.08.2014 BlackHat (Las Vegas, USA) SAP, Credit Cards and The Bird That Talks Too Much
• 18.03.2015 Troopers (Heidelberg, Germany) SAP, Credit Cards and The Bird That Talks Too Much
• 27.03.2014 BlackHat (Singapore) SAP Security: Attacks to Business Processes
• 30.10.2013 SAP Product Security Summit (Walldorf/Germany) Manipulating the business processes for fun and profit
• 19.07.2012 Integralis Secure World  (Stuttgart/Germany) Hack Proofing SAP Systems
• 13.10.2012 SAP Product Security Summit (Walldorf/Germany) Attacking SAP Systems. Why, How, Who and How do we prevent?
• 20.07.2012 Integralis Secure World (Stuttgart/Germany) Attacking SAP Systems Through ABAP applications
• 27.04.2012 Daimler Security Summit (Stuttgart/Germany) SAP Penetration Testing
• 25.03.2011 SAP Internal (Walldorf/Germany) SAP Security
• 16.05.2011 ITM/S Global Information Security (Stuttgart/Germany) Common Attacks to SAP Systems
• 28.06.2011 Integralis Secure World (Stuttgart/Germany) How to attack an SAP System
• 08.09.2011 Sec-T (Stockholm/Sweden) SAP Security
• 17.09.2011 Hacktivity (Budapest/Hungary) Rootkits and Trojans on Your SAP Landscape
• 05.11.2011 Defcon (Lucerne/Switzerland) Enterprise Security
• 07.10.2010 Secude Security Forum (Regensburg/Switzerland) SAP Security
• 13.10.2010 RISK (Oslo/Norway) SAP Security and Sensitive Information
• 04.11.2010 Defcon (Lucerne/Switzerland) The Truth about ABAP Security
• 17.11.2010 DOAG (Nuernberg/Germany) SAP Password Security
• 27.12.2010 CCC (Berlin/Germany) Rootkits and Trojans on your SAP Landscape

Papers

• Rootkits and Trojans on your SAP Landscape

Slides

• The Truth About ABAP Security – Defcon / Hashdays
• Rootkits and Trojans on your SAP Landscape – Berlin
• SAP payment card security – BlackHat Las Vegas

Security Advisories:

• SAP’s Acknowledgements (old page)
• http://www.esnc.de/esnc-sap-security-audit-software/services-for-sap-security-and-threat-monitoring.html#sap_security_notes