Cybersec Brief w/c 8th August 2016

Selected cybersecurity events of the week commencing Monday 8th August 2016.

A busy week in the wake of Defcon and Blackhat 2016. Bug bounties on the rise and smart machines automating vulnerability discovery and patching.

Tools, Techniques & Procedures

A collection of multiple years' worth of DefconCTFs
Enough brainteasers for the rainy autmn season.
http://fuzyll.com/2016/the-defcon-ctf-vm/

Cybercrime

Malware-infected USB sticks sent out by o2 UK
An interesting case of a supply chain attack? 
http://www.theregister.co.uk/2016/08/08/o2_sent_customers_a_windows_virus_on_usb_pens/

Research & Reports

Collection of Defcon 2016 presentations
https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/

Bugcrowd AskUsAnything
Prominent bug bounty platform opens up for questions

https://www.reddit.com/r/netsec/comments/4uuyo9/we_are_bugcrowd_ask_us_anything_casey_ellis/

Vulnerability might leave big parts of the internet open to 'Man-In-The-Middle' attack

Even if attacker is not sitting along the traffic route 

http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other-top-sites-vulnerable-to-serious-hijacking-attacks/

AskUsAnything with people behind Mayhem, 'AI' winning Darpa's Grand Cyber Challenge 2016

Mayhem was designed to identify and patch vulnerabilities automatically. Good bye, Pentesters!

https://www.reddit.com/r/IAmA/comments/4x9yn3/iama_mayhem_the_hacking_machine_that_won_darpas/

Insights on bug bounties from a successful, long-term bug hunter

http://www.skeletonscribe.net/2016/08/reviewing-bug-bounties-hackers.html