Welcome to a data center! A place where the air conditioner never stops and the long line of tiny, red and blue LEDs dance chaotically over the sounds of the never-ending fans, playing in unison.
One thing is certain, everyone avoids data centers like the plague. And, like one of the greatest leaders of our time once said: "Behind every need, there is a right" (or in this case, a product).
Welcome to the world of Out of Band Power Management devices, where vendors decide to put an extra microprocessor inside the motherboard to allow you to remotely monitor heat, fans, and power.
We decided to take a look at these devices and what we found was even worse than what we could have imagined. Vulnerabilities that bring back memories from the 1990s, remote code execution that is 100% reliable and the possibility of moving bidirectionally between the server and the BMC, making not only an amazing lateral movement angle, but the perfect backdoor too.
Nicolas Waisman joined Immunity in February 2004. Nicolas has experience in all areas of offensive-related software security, from vulnerability analysis to exploit and trojan development. Nico is an internationally recognized heap expert and has taught governments and commercial sector students from all over the world in both private and public classroom settings, presenting some of his research at conferences such as Black Hat, Pacsec, Syscan, Ekoparty and many others. Nico is currently the VP of LATAM at Immunity.
Matias Soler joined the Immunity team in 2009 where he has performed different tasks such as exploit development, reverse engineering, security research, and consulting. He has also taught trainings on binary and web exploitation. Matias has experience in both offensive and defensive areas within the information security field.