Turning your BMC into a revolving door

Unmonitored and unpatched BMCs (a remote administration hardware feature for
servers) are an almost certain source of chaos. They have the potential to
completely undermine the security of complex network infrastructures and data

Our on-going effort to analyze HPE iLO systems (4 and 5) resulted in the
discovery of many vulnerabilities, the last one having the capacity to fully
compromise the iLO chip from the host system itself.

This talk will show how a combination of these vulnerabilities can turn an
iLO BMC into a revolving door between an administration network and the
production network.

Alexandre Gazet


Is currently an information security researcher at the Airbus Security Research Team, after having previously worked as a senior security researcher at Quarkslab. He specializes in reverse engineering, low-level and embedded systems security. He has spoken at security conferences worldwide, such as REcon (Canada), Hack In The Box (Malaysia, Netherlands), SSTIC (France), etc. He is also a co-author of the reverse engineering textbook Practical Reverse Engineering: x86, x64, Windows kernel, and obfuscation, published by John Wiley & Sons.

Fabien Perigaud (0xf4b)


Is an information security researcher working at Synacktiv after having previously worked as a reverse engineer at Airbus Defence and Space Cybersecurity. He is mainly focused on reverse engineering and vulnerability research, with a specific enthusiasm for embedded devices. He has spoken at security conferences in France, such as SSTIC, NoSuchCon, Grehack and BeeRumP.

Joffrey Czarny (@_Sn0rkY)


Is a Red Team leader at Medallia, security researcher and VoIP hacker at night, and Ambassador of Happiness and Healthy Living. A pentester since 2001, he has released advisories and tools on Cisco VoIP products, Active Directory and SAP. He has spoken at various security-focused conferences, including Hack.lu, Troopers, ITunderground, Hacktivity, HITB, SSTIC, REcon and Black Hat Arsenal.

