I recently attended Thotcon in Chicago, where I saw a presentation by Avishay Zawoznik called "V!4GR4 BotNet: Cyber-Crime, Enlarged". It described how a black hat used SQL injection to inject Viagra spam into vulnerable websites. The main takeaway was that compromised WordPress websites were used as webshells to operate the spam campaign from. I originally was under the assumption that websites were targeted either to be defaced, to harvest data, or to install a cryptominer or malware. It isn't common to hear about websites that are compromised just to use as a place to hide or orchestrate other criminal activities from. I'm hoping to attend more talks like this, where the presentation is done from the attacker's point of view.
I'm hoping to attend some talks at Defcon on IoT security in devices other than cameras and appliances. I'm interested in learning about IoT attacks that don't use the device as part of a botnet, but as a toehold into the network it's hosted on. I've seen some SOCKS proxy connections in my honeypot for RFC 1918 space, some looking for routers with default credentials, others looking for internal sites hosting malware. I thought these were rather curious and I've been interested in collecting more data on them.
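If you want to pull the same kind of observation out of your own honeypot data, the first step is decoding the SOCKS request the client sends and checking where it wants to go. The script below is an added example, not code from the original post or from any honeypot project: it parses SOCKS4/SOCKS4a requests and SOCKS5 CONNECT requests (the RFC 1928 request message, i.e. the message that follows the method negotiation) and flags destinations inside RFC 1918 space, which is what a proxy probe aimed at the hosting network's LAN looks like. The captures in `SAMPLES` are constructed for the example.

```python
"""Classify SOCKS CONNECT requests captured by a honeypot by destination.

Added example (not from the original post). SOCKS4/4a and SOCKS5 request
layouts follow the SOCKS4 protocol note and RFC 1928; the byte strings in
SAMPLES are constructed, not real captures.
"""
import ipaddress
import struct
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class SocksRequest:
    version: int
    command: int   # 1 = CONNECT for both SOCKS4 and SOCKS5
    host: str      # dotted IPv4, IPv6 text, or a hostname (SOCKS4a / ATYP 3)
    port: int

    def is_rfc1918(self) -> bool:
        """True when the requested destination is a literal RFC 1918 address."""
        try:
            addr = ipaddress.ip_address(self.host)
        except ValueError:
            return False  # hostname: cannot classify without resolving it
        return any(addr in net for net in RFC1918)


def parse_socks4(data: bytes) -> SocksRequest:
    # VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID... NUL [HOSTNAME... NUL for SOCKS4a]
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a SOCKS4 request")
    cmd, port = data[1], struct.unpack("!H", data[2:4])[0]
    ip = ipaddress.IPv4Address(data[4:8])
    rest = data[8:]
    nul = rest.find(b"\x00")
    if nul < 0:
        raise ValueError("truncated SOCKS4 request (no USERID terminator)")
    host = str(ip)
    # SOCKS4a: DSTIP of 0.0.0.x (x != 0) signals that a hostname follows USERID
    if ip in ipaddress.ip_network("0.0.0.0/24") and int(ip) != 0:
        hostname = rest[nul + 1:]
        end = hostname.find(b"\x00")
        if end < 0:
            raise ValueError("truncated SOCKS4a request (no hostname terminator)")
        host = hostname[:end].decode("ascii", "replace")
    return SocksRequest(4, cmd, host, port)


def parse_socks5(data: bytes) -> SocksRequest:
    # VER(1) CMD(1) RSV(1) ATYP(1) DST.ADDR(var) DST.PORT(2)   (RFC 1928 section 4)
    if len(data) < 4 or data[0] != 5:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp, off = data[1], data[3], 4
    if atyp == 1:                      # IPv4
        host, off = str(ipaddress.IPv4Address(data[off:off + 4])), off + 4
    elif atyp == 3:                    # length-prefixed domain name
        n = data[off]
        host, off = data[off + 1:off + 1 + n].decode("ascii", "replace"), off + 1 + n
    elif atyp == 4:                    # IPv6
        host, off = str(ipaddress.IPv6Address(data[off:off + 16])), off + 16
    else:
        raise ValueError(f"unknown ATYP {atyp}")
    if len(data) < off + 2:
        raise ValueError("truncated SOCKS5 request")
    port = struct.unpack("!H", data[off:off + 2])[0]
    return SocksRequest(5, cmd, host, port)


def parse_socks(data: bytes) -> SocksRequest:
    """Dispatch on the version byte; raises ValueError on anything else."""
    if data and data[0] == 4:
        return parse_socks4(data)
    if data and data[0] == 5:
        return parse_socks5(data)
    raise ValueError("unknown SOCKS version")


# Constructed sample requests (not real honeypot captures).
SAMPLES = {
    "socks5_ipv4_private": b"\x05\x01\x00\x01\xc0\xa8\x01\x01\x00\x50",          # 192.168.1.1:80
    "socks5_domain": b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",                 # example.com:443
    "socks4_private": b"\x04\x01\x00\x16\x0a\x00\x00\x05\x00",                   # 10.0.0.5:22
    "socks4a_hostname": b"\x04\x01\x1f\x90\x00\x00\x00\x01\x00router.local\x00", # router.local:8080
}


def triage(samples: dict) -> dict:
    """Map each capture name to (version, host, port, targets_rfc1918) or an error."""
    out = {}
    for name, raw in samples.items():
        try:
            req = parse_socks(raw)
            out[name] = (req.version, req.host, req.port, req.is_rfc1918())
        except ValueError as exc:
            out[name] = ("error", str(exc))
    return out


if __name__ == "__main__":
    for name, result in triage(SAMPLES).items():
        print(f"{name:22s} {result}")
```

Hostname destinations are deliberately not resolved: a SOCKS4a or ATYP 3 request for something like `router.local` is interesting precisely because the client expects your proxy to resolve it on the inside, so log the name and resolve it offline if at all.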