Subverting Your Server Through Its BMC - The HPE iLO4 Case
Offered By: Recon Conference via YouTube
Course Description
Overview
Explore a deep dive security study of HP's iLO4 server management solution in this 49-minute conference talk from Recon Brussels 2018. Discover the intricacies of firmware unpacking, GreenHills OS Integrity internals, and vulnerability exploitation in HP ProLiant Gen8 and Gen9 servers. Learn about kernel object models, virtual memory, and process isolation. Examine the exposed attack surface through www and ssh protocols. Witness a demonstration of a novel exploitation technique that compromises the host server operating system via DMA. Gain insights from security researchers Alexandre Gazet, Joffrey Czarny, and Fabien Perigaud as they share their findings on subverting servers through the Baseboard Management Controller (BMC) in the HPE iLO4 case study.
Syllabus
Recon Brussels 2018 - Subverting your server through its BMC: the HPE iLO4 case
Taught by
Recon Conference
Related Courses
Assets, Threats, and VulnerabilitiesGoogle via Coursera Attack Surface and Security Implications of eSIM Technology
BruCON Security Conference via YouTube Simplifying Threat Modeling
LASCON via YouTube Building an AppSec Program from the Ground Up - An Honest Retrospective
LASCON via YouTube Analyzing & Breaking QNX Exploit Mitigations and PRNGs for Embedded Systems
Black Hat via YouTube