Rethink Vulnerability Management

Faraday Blog

Create Resistance. Be one step ahead. A security platform to manage everything from one place.

Bypassing password protection and getting a shell through UART in NEC Aterm WR8165N Wi-Fi router

We started out by trying to connect to the router via UART and found out that it asks for a username and password in order to log in. We made many attempts using well-known credentials, but we decided that it was time to resort to static analysis in an attempt to find out the correct password.

Read More

Automating Burp Suite with Faraday

Scaling security testing is hard if you are performing manual audits and can create bottlenecks in the development lifecycle. At Faraday, we are always thinking about how to re-use and automate classic workflows; for example, in application security, great tools like Burp Suite Pro provide a great scanner that could provide a security baseline.

Read More

We updated Faraday Burp extender

We updated the Faraday Burp extender. Connect Burp to Faraday and accelerate reporting. Need Burp integration to JIRA?

Read More

Our team’s vulnerabilities disclosures 2022

We devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are also linked with IoT, pervasive products that are part of our life. So far, so long, these are the CVEs we reported this year.

Read More

Our team’s vulnerability disclosures 2021

Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They safely try to exploit vulnerabilities and are experts at reporting failures, data leakage, or other vulnerabilities.
In this post, we present these tools and the several ways they can be applied.

Read More

v4.1 Released

Since our last version came out, we have dedicated ourselves to redesign our vulnerability panel for enhanced visualization. Now, you can tag vulns when importing them and identify them easily and fast. Plus, we added a specific risk score for every vuln that can be seen in the CVSS risk information.

Read More