Faraday Blog

We’ve just released an update that brings significant improvements to Faraday, focusing on solving key challenges in vulnerability management. Here’s what’s new in Release 5.6.0 and Hotfix 5.6.1, and how these enhancements will make your workflow more efficient and secure

Since organizations differ in size, structure, and maturity, there are various vulnerability management models tailored to each. These strategies, adapted to different levels of complexity, are not a one-size-fits-all solution, but rather a set of recommended steps to either build a Vulnerability Management Program (VMP) from the ground up or assess the maturity of an existing VMP. The ultimate goal is to reach a point where vulnerability management no longer feels like a burden, but instead leads to significant improvements in overall security.

Security teams of all sizes, from large Fortune 500 companies to small NGOs, face the same problem: a lack of time and an ever-expanding attack surface. Time to detect vulnerabilities, time to decide what to do, time to act, and time to allocate resources. It is a continuous and constant game in which it is essential to focus on finding a more agile framework to detect, act, and resolve vulnerabilities.

Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.

Faraday was born from the fusion of entrepreneurial spirit and a desire to break staffs. These elements naturally emerged in Federico Kirschbaum and Francisco Amato, two friends, crazy for IT, curious by nature, and the founders of this comprehensive cybersecurity project. What later became a company started as a series of on-demand jobs for individual clients. Gradually, Fede and Fran began to leave their full-time jobs, taking on more penetration testing projects, hiring people, and seeking new clients.

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.