From 9854652f1507cc4bc831c80a6cd405a78dc1486d Mon Sep 17 00:00:00 2001 From: midas Date: Thu, 23 Jan 2025 17:31:12 +0100 Subject: [PATCH] finish bmc attack --- opsec/cloud_provider_adversary/index.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/opsec/cloud_provider_adversary/index.html b/opsec/cloud_provider_adversary/index.html index 2cc9e43..7684730 100644 --- a/opsec/cloud_provider_adversary/index.html +++ b/opsec/cloud_provider_adversary/index.html @@ -196,6 +196,9 @@ in this post we are going to do a threat modelling exercise:

BMC Exploitation

Attack

+ A malicious firmware update is deployed to the Baseboard Management Controller (BMC), providing stealthy persistent access and enabling future compromise of the OS or hypervisor. +

Countermeasures

+ This attack has the same issue as the previous one and could be deployed during a schedule maintenance at Bob's datacenter even if Alice was using a baremetal. If she were to migrate to such a setup, then ensuring a TPM is present on the motheboard and only signed firmware updates are accepted would be a first step. This wouldn't protect her from a malicious update signed with a legitimate key as some government agency could deploy.
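Review bot: In the new Countermeasures paragraph (the `+` line starting "This attack has the same issue"), a TPM on the motherboard does not by itself enforce or detect a malicious BMC firmware update: the BMC runs its own firmware under its own root of trust, separate from the host's TPM, so the host's measured boot does not cover it. Suggest rewording to something like "ensuring the BMC enforces signed firmware updates from a hardware root of trust and that its firmware measurements can be remotely attested", so that the countermeasure actually matches the attack described in the `+` line under Attack. The caveat about an update signed with a legitimate key is sound; it would be worth adding that from inside her OS Alice cannot inspect the BMC firmware at all, so even after-the-fact detection depends on the datacenter operator. Typos in the same line: "schedule maintenance" -> "scheduled maintenance", "using a baremetal" -> "using a bare-metal server", "motheboard" -> "motherboard".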