Faraday Blog

We started out by trying to connect to the router via UART and found out that it asks for a username and password in order to log in. We made many attempts using well-known credentials, but we decided that it was time to resort to static analysis in an attempt to find out the correct password.

Scaling security testing is hard if you are performing manual audits and can create bottlenecks in the development lifecycle. At Faraday, we are always thinking about how to re-use and automate classic workflows; for example, in application security, great tools like Burp Suite Pro provide a great scanner that could provide a security baseline.

We updated the Faraday Burp extender. Connect Burp to Faraday and accelerate reporting. Need Burp integration to JIRA?

We devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are also linked with IoT, pervasive products that are part of our life. So far, so long, these are the CVEs we reported this year.

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.

Since our last version came out, we have dedicated ourselves to redesign our vulnerability panel for enhanced visualization. Now, you can tag vulns when importing them and identify them easily and fast. Plus, we added a specific risk score for every vuln that can be seen in the CVSS risk information.