Rethink Vulnerability Management

Faraday Blog

Create Resistance. Be one step ahead. A security platform to manage everything from one place.

Automation and Pentesting: Use AI and Open-Source Tools

This article aims to combine automation and pentesting methodologies in a practical way, using artificial intelligence and multiple open-source tools. More than just a list of commands, it’s about sharing a replicable, flexible, and accessible methodology.
The approach we want to showcase is how, with the publicly available tools today and the help of AI models, it’s possible to improve automated processes—reducing the need for manual effort and allowing more time to focus on exploitation and, why not, the more fun parts.

Read More


Car Hacking: How to unlock doors with Doggie

This post will explore a practical use case to demonstrate Doggie’s power in automotive security research. Imagine you need to unlock a vehicle by sending the correct sequence of CAN messages. With Doggie and tools like Python-can, can-utils, or custom scripts, you can sniff unlocking messages, replay them, and even experiment with manipulating the system for security analysis.

Read More


CVSS v4: What’s New and Why It Matters for Your Vulnerability Management

In the ever-evolving landscape of cybersecurity, staying ahead of potential threats requires robust tools and accurate frameworks for assessing risk. The Common Vulnerability Scoring System (CVSS) has long been a cornerstone for evaluating vulnerabilities, providing a standardized method to gauge their severity. With the release of version 4.0, CVSS introduces significant updates aimed at improving accuracy and decision-making for security teams.

Read More


Faraday at Ekoparty 2024: recap

Ekoparty 2024 was more than just a cybersecurity conference—it became a hub for knowledge sharing, community building, and celebrating the latest discoveries and innovations. Our team played a prominent role across various sessions, showcasing not only their technical expertise but also their commitment to the community.

Read More


Back to basics: Security recommendations for your team

October is Cybersecurity Awareness Month, a time when we focus on ways to enhance security in our daily lives, both personally and, most importantly, as a company. While some measures may seem basic, it’s important to remember that many vulnerabilities stem from unpatched programs, and a large number of attacks originate from an employee clicking the wrong link.

Read More


Using Faraday API for Vulnerability Management

Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.

Read More


Privacy Preference Center