Faraday Blog

Our CEO, Federico Kirschbaum, participated in 'Conciencia Digital,' a conference hosted by Netgate Uruguay in Montevideo. Thousands of people gathered to discuss topics around Artificial Intelligence and Cybersecurity.
It's hard not to be passionate about the things we love, specially with such a warm crowd.
Thank you so much for the invite! It was an honor to be part of this event and connect with the Uruguayan cybersecurity community. 🚀

Since organizations differ in size, structure, and maturity, there are various vulnerability management models tailored to each. These strategies, adapted to different levels of complexity, are not a one-size-fits-all solution, but rather a set of recommended steps to either build a Vulnerability Management Program (VMP) from the ground up or assess the maturity of an existing VMP. The ultimate goal is to reach a point where vulnerability management no longer feels like a burden, but instead leads to significant improvements in overall security.

We’ve just released an update that brings significant improvements to Faraday, focusing on solving key challenges in vulnerability management. Here’s what’s new in Release 5.6.0 and Hotfix 5.6.1, and how these enhancements will make your workflow more efficient and secure

Security teams of all sizes, from large Fortune 500 companies to small NGOs, face the same problem: a lack of time and an ever-expanding attack surface. Time to detect vulnerabilities, time to decide what to do, time to act, and time to allocate resources. It is a continuous and constant game in which it is essential to focus on finding a more agile framework to detect, act, and resolve vulnerabilities.

Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.

Last week, our COO, Martin Tartarelli, offered a master class on vulnerabilities. He thoroughly explained what they are, how they work, and how to manage them. Among other things, he discussed attack surfaces, automation tools, the importance of vulnerability management, and different levels of maturity in an organization.

You can read the full presentation here.

Plus, our CRO Francisco Amato was leading many meeting with Brazilian companies and fellow pentesters. 

It was an amazing chance to connect with the Brazilian pentesting community, share our work, and have an amazing time in São Pablo.