BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Breaking BMC: The Forgotten Key to the Kingdom\n   W
 hen: Saturday\, Aug 12\, 15:30 - 16:15 PDT\n   Where: Caesars Forum - Foru
 m - 105\,135\,136 - Track 1 - [1]Map\n   Speakers:Adam Zabrocki\,Alex Tere
 shkin\n\n   SpeakerBio:Adam Zabrocki \, Distinguished Engineer (Offensive 
 Security)\n   at NVIDIA\n   Adam ‘pi3’ Zabrocki is a computer security
  researcher\, pentester\n   and bughunter\, currently working as a Disting
 uished Engineer\n   (Offensive Security) at NVIDIA. He is a creator and de
 veloper of Linux\n   Kernel Runtime Guard (LKRG) - his moonlight project d
 efended by\n   Openwall. Among others\, he used to work in Microsoft\, Eur
 opean\n   Organization for Nuclear Research (CERN)\, HISPASEC Sistemas (kn
 own\n   from the virustotal.com project)\, Wroclaw Center for Networking a
 nd\n   Supercomputing\, Cigital. The main area of his research is low-leve
 l\n   security (CPU arch\, uCode\, FW\, hypervisor\, kernel\, OS).\n\n   A
 s a hobby\, he was a developer in The ERESI Reverse Engineering\n   Softwa
 re Interface project\, a bughunter (discovered vulnerabilities in\n   Hype
 r-V\, KVM\, RISC-V ISA\, Intel's Reference Code\, Intel/NVIDIA vGPU\,\n   
 Linux kernel\, FreeBSD\, OpenSSH\, gcc SSP/ProPolice\, Apache\, Adobe\n   
 Acrobat Reader\, Xpdf\, Torque GRID server\, and more) and studied\n   exp
 loitation and mitigation techniques\, publishing results of his\n   resear
 ch in Phrack Magazine.\n\n   Adam is driving a Pointer Masking extension f
 or RISC-V and is involved\n   in many RISC-V security-related extensions (
 including CFI). He is a\n   co-author of a subchapter to Windows Interna
 ls and was twice The Pwnie\n   Awards nominee (2021 and 2022) for the most
  under-hyped research. He\n   was a speaker at well-known security confere
 nces including Blackhat\,\n   DEF CON\, Security BSides\, Open Source Tech
  conf and more.\n\n   Twitter: [2]@Adam_pi3\n\n   SpeakerBio:Alex Tereshki
 n \, Principal System Software Engineer\n   (Offensive Security) at NVIDIA
 \n   Alex Tereshkin is an experienced reverse engineer and an expert in\n 
   UEFI security\, Windows kernel and hardware virtualization\,\n   special
 izing in rootkit technologies and kernel exploitation. He has\n   been inv
 olved in the BIOS and SMM security research since 2008. He is\n   currentl
 y working as a Principal Offensive Security Researcher at\n   NVIDIA. He h
 as done significant work in the field of\n   virtualization-based malware 
 and Windows kernel security. He is a\n   co-author of a few courses taught
  at major security conferences and a\n   co-author of the first UEFI BIOS 
 and Intel ME exploits. In 2022 he was\n   a Pwnie Awards nominee for the m
 ost under-hyped research.\n   Twitter: [3]@AlexTereshkin\n\n   Description
 :\n   The Baseboard Management Controller (BMC) is a specialized\n   micro
 controller embedded on the motherboard\, typically used in servers\n   and
  other enterprise-level hardware. The security of the BMC is\n   critical 
 to the overall security of the system\, as it provides a\n   privileged le
 vel of access and control over the hardware components of\n   the system\,
  including the ability to perform firmware updates\, and\n   even power th
 e system on and off remotely.\n\n   When the internal offensive security r
 esearch team was analyzing one\n   of NVIDIA's hardware products\, they d
 etected several remotely exploitable\n   bugs in AMI MegaRAC BMC. Moreov
 er\, various elevations of privileges\n   and "change of scope" bugs hav
 e been identified\, many of which may be\n   chained together\, resultin
 g in a highest-severity security issue.\n   During this talk we would li
 ke to take you on the journey of the whole\n   attack sequence: from hav
 ing zero knowledge a
 bout a remote AMI BMC\n   with enabled IPMI (yeah\, right) to flashing a p
 ersistent firmware\n   implant to the server SPI flash. The chain will be 
 about a dozen bugs\n   long\, so buckle up.\n\n   REFERENCES\n\n          
  * Dan Farmer "File under... et tu\, ipmi 2.0 specification?"\n           
   [4]http://fish2.com/ipmi/remote-pw-cracking.html\n\n           * Waisman
 \, Soler "The Unbearable Lightness of BMC" [5]https://i.blackhat.com/us-18
 /Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf\n\n 
           * Eclypsium\, Inc. "Vulnerable firmware in the supply chain of\n
              enterprise servers" [6]https://eclypsium.com/wp-content/uploa
 ds/2019/07/Vulnerable-Firmware-in-the-Supply-Chain.pdf\n\n           * Ecl
 ypsium\, Inc. "Quanta Servers (Still) Vulnerable to\n             Pantsdow
 n" [7]https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-
 pantsdown/\n\n   '\n\n   1. #CaesarsForumBR\n   2. https://twitter.com/Ada
 m_pi3\n   3. https://twitter.com/AlexTereshkin\n   4. http://fish2.com/ipm
 i/remote-pw-cracking.html\n   5. https://i.blackhat.com/us-18/Wed-August-8
 /us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf\n   6. https://ec
 lypsium.com/wp-content/uploads/2019/07/Vulnerable-Firmware-in-the-Supply-C
 hain.pdf\n   7. https://eclypsium.com/2022/05/26/quanta-servers-still-vuln
 erable-to-pantsdown/\n\n\n
DTEND:20230812T231500Z
DTSTART:20230812T223000Z
LOCATION:DC - Caesars Forum - Forum - 105\,135\,136 - Track 1
SUMMARY:Breaking BMC: The Forgotten Key to the Kingdom
END:VEVENT
END:VCALENDAR
