IPMI, a protocol many will never have heard of, underpins remote access to some of the most critical elements of server infrastructure. The years have not been kind to IPMI, and research has repeatedly found flaws in these systems. As part of our talk we will explore new issues that have been discovered following our research and how they impact an open source IPMI implementation.
The talk will provide technical background on what Baseboard Management Controllers (BMCs) are, the role they play in our infrastructure, and how they can be abused to grant privileged access to servers across the world.
Specifically, we'll look at protocol exploitation and state machine analysis, explaining the steps taken to analyse remote management protocols, how audience members can use this to analyse other protocols, and how this resulted in discovering critical flaws in IPMI and other software, allowing remote administrative access to server infrastructure.
The main takeaways from the presentation will be:
- Learning about the IPMI protocol (maybe TLS/WPA too)
- Showing off some interesting vulns
- Learning about protocol research methodology, and how to design secure protocols
James Henderson
WIP