This is a demo scenario of a network device, say a router. This device has a few network configuration options all locked behind a user-name and password, except for a network-connectivity test. This test tries to ping a given address. Unfortunately, this interface is vulnerable to a shell-injection. We will see how adding additional commands after entering the IP address to ping are concatenated to the underlying command, and then executed. This way attackers can run any command they want and gain control over the device. Later, we installing the IoT Embedded Nano Agent on the device. When running the application again, only now protected, we can see how an attacker tries to exploit the same vulnerability again, only to get blocked by our protections.