Faraday Blog

El Content-Security Policy (CSP) es una de las defensas más efectivas contra vulnerabilidades del tipo Cross-Site Scripting (XSS) y ataques relacionados con la carga de recursos maliciosos. Se implementa a través de la cabecera HTTP \\\'Content-Security-Policy\\\', y permite al navegador aplicar restricciones sobre qué scripts, estilos, imágenes u otros recursos pueden cargarse y ejecutarse en una aplicación web.

If you enjoy playing online games, you’ve probably heard about cheaters. People tend to have a negative perception of them, and they’re somewhat right. Cheats can ruin the online gaming experience, but they can also be an interesting way to learn about reverse engineering.

This article aims to combine automation and pentesting methodologies in a practical way, using artificial intelligence and multiple open-source tools. More than just a list of commands, it’s about sharing a replicable, flexible, and accessible methodology.
The approach we want to showcase is how, with the publicly available tools today and the help of AI models, it’s possible to improve automated processes—reducing the need for manual effort and allowing more time to focus on exploitation and, why not, the more fun parts.

This post will explore a practical use case to demonstrate Doggie’s power in automotive security research. Imagine you need to unlock a vehicle by sending the correct sequence of CAN messages. With Doggie and tools like Python-can, can-utils, or custom scripts, you can sniff unlocking messages, replay them, and even experiment with manipulating the system for security analysis.

In the ever-evolving landscape of cybersecurity, staying ahead of potential threats requires robust tools and accurate frameworks for assessing risk. The Common Vulnerability Scoring System (CVSS) has long been a cornerstone for evaluating vulnerabilities, providing a standardized method to gauge their severity. With the release of version 4.0, CVSS introduces significant updates aimed at improving accuracy and decision-making for security teams.

Ekoparty 2024 was more than just a cybersecurity conference—it became a hub for knowledge sharing, community building, and celebrating the latest discoveries and innovations. Our team played a prominent role across various sessions, showcasing not only their technical expertise but also their commitment to the community.