OSFC 2019 - Common BMC vulnerabilities and how to avoid repeating them

This talk was held at 9elements Cyber Security's Open Source Firmware Conference in Silicon Valley. Presenter: Rick Altherr Abstract: BMCs have a notorious past of critical vulnerabilities that allow complete takeover of the host system. Worse, the same types of vulnerabilities creep up in BMC firmware over and over again. This talk looks at these repeat offenders in depth to see what can be learned. A comprehensive threat model for BMCs will be presented along with methodologies, practices, and techniques that can be used to avoid these common security mistakes. WEBSITE: https://osfc.io TWITTER:   / osfc_io   FACEBOOK:   / osfc.io   PAPER: https://2019.osfc.io/talks/common-bmc... ORGANIZER: https://9esec.io

Join Today
OSFC 2019 - PLDM support on OpenBMC
▶︎

OSFC 2019 - PLDM support on OpenBMC

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

OSFC 2018 - OpenBMC | Sai Dasari
▶︎

OSFC 2018 - OpenBMC | Sai Dasari

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Complete GitHub Actions Course - From BEGINNER to PRO
▶︎

Complete GitHub Actions Course - From BEGINNER to PRO

The Professor Who Taught People How To Think (1962)
▶︎

The Professor Who Taught People How To Think (1962)

Linux Full Course for Beginners | Learn Linux System Administration
▶︎

Linux Full Course for Beginners | Learn Linux System Administration

Python Project | Python Projects For Beginners | Python Project Tutorial | Intellipaat
▶︎

Python Project | Python Projects For Beginners | Python Project Tutorial | Intellipaat

Music for Work — Deep Focus Mix for Programming, Coding
▶︎

Music for Work — Deep Focus Mix for Programming, Coding

APIs for Beginners - How to use an API (Full Course / Tutorial)
▶︎

APIs for Beginners - How to use an API (Full Course / Tutorial)

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
▶︎

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

SQL Course for Beginners [Full Course]
▶︎

SQL Course for Beginners [Full Course]

How Proctor’s texts in Karen Read lawsuit could free dangerous criminals
▶︎

How Proctor’s texts in Karen Read lawsuit could free dangerous criminals

What do tech pioneers think about the AI revolution? - The Engineers, BBC World Service
▶︎

What do tech pioneers think about the AI revolution? - The Engineers, BBC World Service

System Design Course – APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
▶︎

System Design Course – APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

RL for Agents Workshop - Deep Dive on Training Agents with RL and Open Source
▶︎

RL for Agents Workshop - Deep Dive on Training Agents with RL and Open Source

Full Archon Guide - Build AI Coding Harnesses That Actually Ship (LIVE)
▶︎

Full Archon Guide - Build AI Coding Harnesses That Actually Ship (LIVE)

Enhancing the Firmware Stack Management with OpenBMC
▶︎

Enhancing the Firmware Stack Management with OpenBMC

Hands-On Power BI Tutorial 📊Beginner to Pro [Full Course] ⚡
▶︎

Hands-On Power BI Tutorial 📊Beginner to Pro [Full Course] ⚡

Complete Networking for Cybersecurity Beginners (2026)
▶︎

Complete Networking for Cybersecurity Beginners (2026)