- Exploiting Hardware Management Subsystem, by Simon Clow.
- Reversing Firmware using Radare2, by Anton Kochkov.
- IPMI: Understanding Your Server's Remote Backdoor, by Anthony J. Bonkoski.
Anyway, one of the most interesting development in BMC is OpenBMC, see: https://github.com/facebook/openbmc and https://code.facebook.com/posts/1601610310055392/introducing-openbmc-an-open-software-framework-for-next-generation-system-management/. Is it going to grant you access to Facebook-class infrastructure (from afar) if you find a flaw in it? Well, I don't think so, as it must've been protected by giant "firewall" in front of it. But, doing a code review on OpenBMC for flaws certainly a good exercise.
As a side note, let's not forget about Fujitsu, one of the most "underrated" server producer on the market. As a parting gift, let's look at what Fujitsu has in store in its BMC:
|Fujitsu integrated Remote Management Controller TCP/UDP ports|