On the security of IoT devices
Open SourcePentestingVulnerability Management
October 24, 2022
According to Cisco’s Annual Internet Report, nearly two-thirds of the global population will have Internet access by 2023. The number of devices connected to IP networks will be more than three times the number of people in the world. Read more about cybersecurity
Bypassing passwords and getting a shell through UART in a Wi-Fi router
Open SourcePressPentestingVulnerability Management
October 18, 2022
We started out by trying to connect to the router via UART and found out that it asks for a username and password in order to log in. We made many attempts using well-known credentials, but we decided that it was time to resort to static analysis in an attempt to find out the correct password.
Automating Burp Suite with Faraday
Open SourcePentestingVulnerability Management
October 5, 2022
Scaling security testing is hard if you are performing manual audits and can create bottlenecks in the development lifecycle. At Faraday, we are always thinking about how to re-use and automate classic workflows; for example, in application security, great tools like Burp Suite Pro provide a great scanner that could provide a security baseline.
We updated Faraday Burp extender
Open SourcePentestingVulnerability Management
September 28, 2022
We updated the Faraday Burp extender. Connect Burp to Faraday and accelerate reporting. Need Burp integration to JIRA?
Our team’s vulnerabilities disclosures 2022
Open SourcePentestingVulnerability ManagementCybersec
September 26, 2022
We devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are also linked with IoT, pervasive products that are part of our life. So far, so long, these are the CVEs we reported this year.
Our team’s vulnerability disclosures 2021
Open SourcePentestingVulnerability Management
September 22, 2022
Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.