New research findings from Faraday goes to DEF CON

In the dynamic world of IT security, proactive vulnerability management is key. This comprehensive guide introduces steps to set up an enhanced vulnerability management system utilizing freemium and open-source tools, including Faraday for continuous scanning, SonarQube for static application security testing (SAST), and Kibana, Wazuh, or Splunk as your Security Information and Event Management (SIEM) solution.

Welcome to another great version of Faraday. This time, we introduce new methods to make your workflow even more seamless. Plus, we've added many other new agents and enhanced plugins to ensure you never have to leave our platform, effortlessly parsing data and incorporating it within our system.

Nowadays, we can distinguish various branches within a security team Red Teams, Blue Teams, Purple Teams & Bug Hunters.
But what does each team do?
This difference in colors, adding a new category related to bug bounty, makes us think about common tasks that all these approaches can have within a company; and the truth is, they have a lot. First, let's talk about the definition of each one.

For our corporate clients, we've upgraded our notification feature. Previously, you had a basic notification setup based only on the System, but now there's an “Advanced” notification in place. An easy-to-use system designed to keep you ahead of significant changes in your vulnerability status or to be notified when changes should be made to certain vulnerabilities. For instance, users can receive notifications when the vulnerability risk score exceeds the desired level or when critical vulnerabilities don't meet the SLA.

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.

This research project started when Javier’s wife, our ex Research leader, told him their IP camera had stopped working. Javier was asked to fix it, but, as a security researcher, the temptation was too great. He brought the camera to the office and discussed the problem with Octavio, another security researcher at Faraday. The situation quickly escalated from some light reverse engineering to a full-fledged vulnerability research project, which ended with two high-severity bugs and an exploitation strategy worthy of the big screen.

We understand that security is your top priority, and it is our obsession to protect all your digital assets and footprints. However, we recognize that time is equally valuable. It's with pride that we introduce a significant performance enhancement for our users.

But the outcome of all that is so rewarding. It only placed the bar higher for us, which means we have a tough job for next year. We're saying goodbye to 2023 with a major release. We're pleased to welcome Faraday v.5.0.0. It represents a huge leap in performance for all of our users and customers. We're euphoric about it and very thankful for the team that made it happen. We're a top-tier product that keeps getting better. You can leave your feedback at Gartner and read more about other users' opinions.

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.

Our risk scoring system goes beyond mere criticality analysis, pinpointing precisely where real vulnerabilities lie. It offers a straightforward representation, not just an objective evaluation framework, but a curated set of filters tailored to prioritize based on specific contexts. Prioritization becomes a time-saving asset; now, you can filter vulnerabilities from a hacker's perspective.