▶ Analysis of IPMI based vulnerabilities

https://www.youtube.com/watch?v=GZeUntdObCA

And here is a good introduction on the vulnerabilities in detail:

https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi

IPMI architecture diagram shows BMC sideband via SMBUS.

https://threatpost.com/vulnerabilities-in-ipmi-protocol-have-long-shelf-life/106480

https://www.us-cert.gov/ncas/alerts/TA13-207A

https://securityledger.com/2014/06/ipmis-inconvenient-truth-a-conversation-with-dan-farmer/

http://fish2.com/ipmi/

http://www.fish2.com/security/

http://fish2.com/ipmi/river.pdf

http://fish2.com/ipmi/itrain.pdf

http://fish2.com/ipmi/itrain-gz.html

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

https://en.wikipedia.org/wiki/WS-Management

Tools:

http://www.gnu.org/software/freeipmi/

http://sourceforge.net/projects/ipmitool/

Redfish:

http://dmtf.org/standards/redfish

http://robhirschfeld.com/2014/12/11/redfish-ipmi-bios/

http://www.uefi.org/sites/default/files/resources/UEFI_Plugfest_May_2015_HTTP_Boot_Redfish_Samer_El-Haj_ver1.2.pdf

Different presentations:

https://groups.google.com/forum/#!topic/pdxdevops/KGu9kbVMstg

IPMI + RESTFUL API

https://wiki.openstack.org/wiki/IpmiCredentials

https://github.com/Ahiknsr/igor-rest-api

http://www.eyeshalfclosed.com/blog/2014/08/28/building-the-igor-rest-api/

Foreman:

http://www.fitzdsl.net/tag/ipmi/

Post-28 Sep 2015 update (all the fish2.com document seemed to be inaccessible now….):

IPMI specification (2013):

http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf

http://openipmi.sourceforge.net/IPMI.pdf

https://jhalderm.com/pub/papers/ipmi-woot13.pdf

http://www.ptsecurity.ru/ics/ipmi_v7_fix.pdf

http://www.dell.com/downloads/global/power/ps4q04-20040204-murphy.pdf

http://safecomputing.umich.edu/events/sumit13/docs/Bonkoski_IPMI_SUMIT_2013b.pdf

ftp://ftp.penguincomputing.com/pub/penguin/Other/IPMI/ipmi_howto.pdf

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ts/guide/UCSTroubleshooting/UCSTroubleshooting_chapter_01000.pdf

https://docs.oracle.com/cd/E19860-01/E21452/E21452.pdf

http://www.fujitsu.com/downloads/SPARCE/manuals/sparc-t5e/ilom3.0-snmp-ipmi-en-01.pdf

https://administratosphere.files.wordpress.com/2011/02/25133701.pdf

One response to this post.

  1. Nice, how long did it take you to compile all those links?

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Astr0baby's not so random thoughts _____ rand() % 100;

@astr0baby on Twitter for fresh randomness

WildML

Artificial Intelligence, Deep Learning, and NLP

The Data Explorer

playing around with open data to learn some cool stuff about data analysis and the world

Conorsblog

Data | ML | NLP | Python | R

quyv

Just a thought

IFT6266 - H2017 Deep Learning

A Graduate Course Offered at Université de Montréal

Deep Learning IFT6266-H2017 UdeM

Philippe Paradis - My solutions to the image inpainting problem

IFT6266 – H2017 DEEP LEARNING

Pulkit's thoughts on the course project

ML/AI

Machine learning. Artificial Intelligence

the morning paper

a random walk through Computer Science research, by Adrian Colyer

The Spectator

Shakir's Machine Learning Blog

Everything about Data Analytics

big data, data analytics

Microcontrollers Lab

Microcontrollers tutorials and projects

%d bloggers like this: