Do Not Disturb: This Hotel Is Attacking the Internet
Details
A smart hotel’s IoT appliances are compromised, made part of a botnet, and used for a DDoS attack. Your goal? Finding out what happened and how!
For this online event, we have the amazing WICCON 2025 workshop leader Kellamity walking us through an incident-response type investigation. All from the comfort of your browser, using Azure Data Explorer (ADX) and the Kusto Query Language (KQL).
Curious about the blue side of cybersecurity? Enjoy puzzles and detective games? Or need some exposure to the Kusto Query Language?
Focusing on suspicious network traffic, we will hunt anomalies in the provided dataset on Azure Data Explorer. Using the Kusto Query Language, we will discover who took over the IoT network and how, from reconnaissance to actions on objectives.
Don't forget to take notes! At the end of the session, we will draw up a timeline of events, working from the high-traffic alert back to the initial compromise.
Worried about KQL being a new language? You can freely play the KQL 101 and 201 modules on the KC7 platform to get the basics. I will also provide the queries during the session, so you'll never get stuck.
Afraid you'll breeze through it? It's ok, I thought about you, and there is a second threat actor to uncover. You'll have to do that on your own and report back to me though ;)
Kellamity
Kellamity is a volunteer Threat Intel Content Lead at KC7. This free platform teaches concepts of incident response and threat hunting in a gamified way to everyone, from school students to career changers.
Coming from a literature and languages background, they started playing, quite obsessively, on KC7 at the beginning of 2024. After quickly making it to the top of the leaderboard and helping others over on Discord, they were invited to join the team. Which they quickly accepted, because giving back to the community is great, and creating new scenarios is fun!
