Rethink Vulnerability Management

Faraday Blog

Create Resistance. Be one step ahead. A security platform to manage everything from one place.

Enhanced Vulnerability Management Guide Using Open-Source Tools

In the dynamic world of IT security, proactive vulnerability management is key. This comprehensive guide introduces steps to set up an enhanced vulnerability management system utilizing freemium and open-source tools, including Faraday for continuous scanning, SonarQube for static application security testing (SAST), and Kibana, Wazuh, or Splunk as your Security Information and Event Management (SIEM) solution.


Release v5.2.0

Welcome to another great version of Faraday. This time, we introduce new methods to make your workflow even more seamless. Plus, we've added many other new agents and enhanced plugins to ensure you never have to leave our platform, effortlessly parsing data and incorporating it within our system.


Good practices in Cybersecurity – Part 2

Nowadays, we can distinguish various branches within a security team: Red Teams, Blue Teams, Purple Teams & Bug Hunters.
But what does each team do?
This difference in colors, adding a new category related to bug bounty, makes us think about common tasks that all these approaches can have within a company; and the truth is, they have a lot. First, let's talk about the definition of each one.


Release v5.1.1

For our corporate clients, we've upgraded our notification feature. Previously, you had a basic notification setup based only on the System, but now there's an “Advanced” notification in place. It is an easy-to-use system designed to keep you ahead of significant changes in your vulnerability status or to notify you when changes should be made to certain vulnerabilities. For instance, users can receive notifications when the vulnerability risk score exceeds the desired level or when critical vulnerabilities don't meet the SLA.


Good practices in Cybersecurity – Part 1

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.


SADProtocol goes to Hollywood

This research project started when Javier’s wife, our ex Research leader, told him their IP camera had stopped working. Javier was asked to fix it, but, as a security researcher, the temptation was too great. He brought the camera to the office and discussed the problem with Octavio, another security researcher at Faraday. The situation quickly escalated from some light reverse engineering to a full-fledged vulnerability research project, which ended with two high-severity bugs and an exploitation strategy worthy of the big screen.
