ipmi, risk, security, tech

Remotely Access Live Supermicro Firmware+

February 1, 2025

TLDR; a vendor supported/supplied utility allows download of live BMC1 firmware/configuration on (at least) some SuperMicro BMCs. It’s hard to tell who might be affected, but the utility used was...

audit, code, DARPA, data, fast track, ipmi, python, security, tech

ITAR

February 26, 2013

Well, not really.  Actually I.tar.gz.  In the gzip’d tar there are 3 files; little IPMI/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an...

DARPA, embedded, fast track, government, ipmi, security, tech, work

Darpa, redux, redux, reduxxx

February 12, 2013

I’d been asked about my 2nd CFT proposal… here it is, in all it’s wordy glory: darpa-reduxxx.   Thanks as always to the DARPAnians and Mudge for the opportunity. Thanks...

code, hack, ipmi, python, security, tech

avctpasswd

November 11, 2012

Since I didn’t find it anywhere else… Avocent, who makes a heck of a lot of BMCs, and at times (like with Dell’s iDRAC, at least version 6) keeps encrypted...

code, ipmi, security, tech

lsof lite (III/III)

September 25, 2012

Finally one that looks at a process and tells you what ports its listening to. WPCM450 /tmp]$ ps |grep ssh  1263 root       4532 S   /sbin/sshd -g...