Aug 28, 2016

Cybersec Brief w/c 22nd August 2016

Selected cybersecurity events of the week commencing Monday 22nd August 2016.

NASA having security issues, iOS 0-days seen in the wild and some things about crypto-currencies.

Tools, Techniques & Procedures

Major update for exploit development toolkit Pwntools


Research & Reports

AskMeAnything with game hacking book author

Aug 21, 2016

Cybersec Brief w/c 15th August 2016

Selected cybersecurity events of the week commencing Monday 15th August 2016.

Potential NSA tools & exploits being leaked and the German Intelligence Agency challenging applicants with a reverse engineering puzzle.

Tools, Techniques & Procedures

Monitoring WMI to catch WMI attacks

[GERMAN] German intelligence agency puts reverse engineering challenge online for applicants


Munich shooting gun dealer suspect arrested

'ShadowBrokers' offering potential Equation Group (NSA?) tools and exploits for highest bidder

Research & Reports

Cisco to cut 5,500 jobs as revenue drops by 2%

PowerShell to be ported to Linux & Mac and become open source

Aug 14, 2016

Cybersec Brief w/c 8th August 2016

Selected cybersecurity events of the week commencing Monday 8th August 2016.

A busy week in the wake of Defcon and Blackhat 2016. Bug bounties on the rise and smart machines automating vulnerability discovery and patching.

Tools, Techniques & Procedures

A collection of multiple years' worth of DefconCTFs
Enough brainteasers for the rainy autumn season.


Malware-infected USB sticks sent out by o2 UK
An interesting case of a supply chain attack?

Research & Reports

Collection of Defcon 2016 presentations

Bugcrowd AskUsAnything
Prominent bug bounty platform opens up for questions

Vulnerability might leave big parts of the internet open to 'Man-In-The-Middle' attack
Even if the attacker is not sitting along the traffic route

AskUsAnything with people behind Mayhem, 'AI' winning Darpa's Grand Cyber Challenge 2016
Mayhem was designed to identify and patch vulnerabilities automatically. Goodbye, Pentesters!

Insights on bug bounties from a successful, long-term bug hunter

Aug 7, 2016

Cybersec Brief w/c 1st August 2016

Selected cybersecurity events of the week commencing Monday 1st August 2016.

Tools, Techniques & Procedures

Dark Web OSINT automation with Python and OnionScan
In-depth description and coding tutorial in Python.

FireEye releases Fakenet-NG to provide malware analysts and Pentesters with a configurable traffic interception framework

A multiplayer framework for Pentesters during engagements
Make Pentesting a gamified collaborative effort and maximize the synergies of Pentesters working together.

Salesforce releases Vulnreport, a tool to automate Pentest / Vulnerability Management reporting
The tool is meant to help Pentesters increase efficiency and focus on the testing rather than the reporting.


FossHub hacked - Software Audacity & Classic-Shell were bundled with malware

Research & Reports

FireEye releases ICS Vulnerability Trend Report

IBM claims to have created artificial spiking neurons, opening possible advancements in AI

High frequency bug hunting: 120 bugs in 120 days. A report

Aug 1, 2016

Cybersec Brief w/c 25th July 2016

Selected cybersecurity events of the week commencing Monday 25th July 2016.

Tools, Techniques & Procedures

FireEye releases tool-roundup about some frequently used Red Teaming tools.
The round-up covers multiple phases of a Red Team engagement.

Nettitude consultants release PoshC2, a PowerShell C2 post exploitation framework for Red Teaming.
The functionality and features are similar to Empire and CobaltStrike's Beacon.

A 5-step how-to on how to get your Threat hunting team going.

A project dedicated to Threat hunting including various IoCs and tips.


US Democratic National Committee hacked. Unconfirmed rumors say Russians are behind the attack.

German shooter buys gun on Darknet and lures victims in via hacked Facebook account.