Presented at ekoparty 14 (2018)
Sept. 28, 2018, noon
In an age of cloud, containers, and serverless computing, it's easy to forget that real hardware runs underneath these layers of abstraction. Server security is a critical foundation that everything else is built on top of. But what happens when that foundation is compromised? Servers are typically managed using a Baseboard Management Controller (BMC). The BMC can be used to manage, wipe, and reinstall servers remotely. It can even flash BIOS/UEFI firmware remotely when the system won't boot. But what happens if we can compromise the BMC also?
In this talk we will walk through the discovery and exploitation of multiple vulnerabilities in server firmware. We will demonstrate attacks that brick servers in ways that cannot be recovered, even through out-of-band BMC mechanisms. Then, we will discuss detection and mitigation options that can be applied to infrastructure to defend against such attacks.
Jesse Michael / @jessemichael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented multiple times at DEF CON, PacSec, Hackito Ergo Sum, and BSides Portland.
Alex Bazhaniuk is the CTO and Founder of Eclypsium, and he has been performing security research and product security for a number of years at Intel Corporation. Alex has presented his research at well-known security conferences and teaches popular trainings in firmware security. Previously, he co-founded the first DEF CON group in Ukraine.