Crypto-Miner Malware Delivery Analysis
Discovery # A few weeks ago I was reworking a proof-of-concept exploit for a specific IoT device and while looking through the web service error log on the device, I noticed a few garbled mumbo-jumbo entries like in the following screenshot. These weren’t requests I had made to the device, but from another device (more than likely compromised) attempting to exploit a vulnerability and compromise the device I was working on.
Voiding the Warranty - Merkury Smart Plug
The Cause - Why do this? # Studying infosec and IoT device security has given me a desire to create my own gadgets and practice some of what I’ve learned. What better way than destroying some cheap off-the-shelf devices found at a local store and share my process with others?
Some may ask, “why would I do that when there are options such as Arduino, ESP32, and ESP8266 that are available?