ipmi, risk, security, tech

Remotely Access Live Supermicro Firmware+

February 1, 2025

TLDR; a vendor supported/supplied utility allows download of live BMC1 firmware/configuration on (at least) some SuperMicro BMCs. It’s hard to tell who might be affected, but the utility used was...

ipmi, tech

trivial command line…..

September 11, 2016

Was just noticing the shell option in ipmitool.. wondered if you could echo a set of commands to it via stdin, and sure enough… the final bit is sending it...

code, dinosaurs, embedded, ipmi, python, security, tech

Get Device ID (moar IPMI… yawn….)

October 12, 2014

I’d had this sitting around for awhile and thought I’d take another look at it; in this I simply toss out an IPMI Get Device ID command and see what happens....

code, embedded, ipmi, security, tech

mega mega mega… chan chan chan….

September 4, 2014

Or… Notes on the IPMI Protocol Security Model. I wrote in Sold Down the River about the curious aspects of channels and authentication and users and all that stuff. Here’s...

BMC, crypto, embedded, ipmi, tech, work

Even more IPMI, woohoo!

June 5, 2014

I wrote a small paper surveying the scene of IPMI in the wild – Sold Down the River – the title of which might give you some clue as to...