2025-10-24 –, Talk 1
Following the discovery of BadBox 1.0, I identified another device disguised as a streaming product called SuperBOX. This one is particularly concerning, as it includes observed command-and-control traffic, a targeted social media campaign, a suspected targeted whisper campaign, ease of use, and direct targeting of key individuals in important sections of U.S. Critical Infrastructure.
This situation has underscored the growing need for research at the intersection of cybersecurity and social psychology, highlighting the importance of helping users recognize and protect themselves from products that offer services that seem “too good to be true.”
Public reporting on this activity began emerging in early 2024, with major coverage appearing in March 2025. I initially discovered this campaign in February 2024 and have since tracked its evolution and broader ecosystem connections. This led to a second PSA from IC3 in May of 2025.
In this talk, I’ll provide:
A walkthrough of the device’s observed behavior.
An overview of the associated social media campaign.
Details of the whisper campaign.
Information on the shell company (or companies) linked to this activity.
Other notable findings and related observations gathered along the way.
Anyone. Everyone has likely encountered these at some point.
Ashley is a Senior Security Solutions Engineer at Censys, where she
specializes in finding things on the internet that really shouldn’t be
on the internet (spoiler: you know it’s everything). Her research has
uncovered IoT botnets hiding in your “totally legitimate” streaming
boxes, pig-butchering scam infrastructure masquerading as romance, and
entire threat actor clusters that probably wish she’d just stop
looking at the internet on the weekends.
When not teaching students how to blue team, red team, or “please stop
clicking on that link” team, Ashley moonlights as a professional cat
herder at BSides Las Vegas SafetyOps as the Chief Security Officer and
BSides Albuquerque: wrangling volunteers, laptops, and chili-themed
challenge coin designs all in the same day.
She has worn many hats: Army Taekwondo competitor, Army Band musician,
SOC analyst, Palo Alto trainer, Google Cloud wrangler, WWE fanatic,
and n00b security researcher (ask her about the latest exploits in
breaking her own lab builds). If it's a device that seems too good to
be true, it probably is and she’s likely researching it.
Come for the IoT horror stories, stay for the leggings.