Faraday Blog

October is Cybersecurity Awareness Month, a time when we focus on ways to enhance security in our daily lives, both personally and, most importantly, as a company. While some measures may seem basic, it’s important to remember that many vulnerabilities stem from unpatched programs, and a large number of attacks originate from an employee clicking the wrong link.

Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.

Our risk scoring system goes beyond mere criticality analysis, pinpointing precisely where real vulnerabilities lie. It offers a straightforward representation, not just an objective evaluation framework, but a curated set of filters tailored to prioritize based on specific contexts. Prioritization becomes a time-saving asset; now, you can filter vulnerabilities from a hacker's perspective.

In this blog, we are going to create a Slack app to allow us to interact with Faraday API using its known Slash Commands. This allows for flexibility in performing various security tasks and queries directly from Slack. Providing visibility into Faraday's data and functionality within the Slack environment. Helping security teams stay informed.

It's true that cybersecurity is primarily something developed by governments and large, regulated companies. If these entities with vast resources, hefty budgets, and seniority still experience breaches, what's left for the rest of us?
Whether it's a company with 10,000 employees or one with just five, they both face exactly the same attack.