Expanded Attack Surface: How to Optimize Time and Resources in Cybersecurity
Vulnerability ManagementCybersec
July 29, 2024
Security teams of all sizes, from large Fortune 500 companies to small NGOs, face the same problem: a lack of time and an ever-expanding attack surface. Time to detect vulnerabilities, time to decide what to do, time to act, and time to allocate resources. It is a continuous and constant game in which it is essential to focus on finding a more agile framework to detect, act, and resolve vulnerabilities.
Using Faraday API for Vulnerability Management
PentestingVulnerability ManagementCybersec
July 17, 2024
Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.
Good practices in Cybersecurity – Part 3
Offensive SecurityRed teamCybersec
May 29, 2024
Good security practices go hand in hand with automation, integration, and collaboration. As dynamic as the threat landscape is, so must our strategy be. With over 26 thousand vulnerabilities reported last year, it’s now more important than ever to shift security from left to right, and then everywhere.
Ten years of cybersecurity, a lifetime of hacking.
Vulnerability ManagementCybersec
April 9, 2024
Faraday was born from the fusion of entrepreneurial spirit and a desire to break staffs. These elements naturally emerged in Federico Kirschbaum and Francisco Amato, two friends, crazy for IT, curious by nature, and the founders of this comprehensive cybersecurity project. What later became a company started as a series of on-demand jobs for individual clients. Gradually, Fede and Fran began to leave their full-time jobs, taking on more penetration testing projects, hiring people, and seeking new clients.
Good practices in Cybersecurity – Part 2
Offensive SecurityRed teamCybersec
March 12, 2024
Nowadays, we can distinguish various branches within a security team Red Teams, Blue Teams, Purple Teams & Bug Hunters.
But what does each team do?
This difference in colors, adding a new category related to bug bounty, makes us think about common tasks that all these approaches can have within a company; and the truth is, they have a lot. First, let's talk about the definition of each one.
Good practices in Cybersecurity – Part 1
Vulnerability ManagementCybersec
February 15, 2024
Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.