Faraday Blog

To make automotive cybersecurity research more accessible and affordable, we developed Doggie, an open-source and modular CAN Bus - USB adapter. Whether you're a hobbyist, researcher, or professional, Doggie is designed to simplify working with CAN Bus networks, enabling secure exploration and development in the automotive space.

Ekoparty 2024 was more than just a cybersecurity conference—it became a hub for knowledge sharing, community building, and celebrating the latest discoveries and innovations. Our team played a prominent role across various sessions, showcasing not only their technical expertise but also their commitment to the community.

October is Cybersecurity Awareness Month, a time when we focus on ways to enhance security in our daily lives, both personally and, most importantly, as a company. While some measures may seem basic, it’s important to remember that many vulnerabilities stem from unpatched programs, and a large number of attacks originate from an employee clicking the wrong link.

Since organizations differ in size, structure, and maturity, there are various vulnerability management models tailored to each. These strategies, adapted to different levels of complexity, are not a one-size-fits-all solution, but rather a set of recommended steps to either build a Vulnerability Management Program (VMP) from the ground up or assess the maturity of an existing VMP. The ultimate goal is to reach a point where vulnerability management no longer feels like a burden, but instead leads to significant improvements in overall security.

Security teams of all sizes, from large Fortune 500 companies to small NGOs, face the same problem: a lack of time and an ever-expanding attack surface. Time to detect vulnerabilities, time to decide what to do, time to act, and time to allocate resources. It is a continuous and constant game in which it is essential to focus on finding a more agile framework to detect, act, and resolve vulnerabilities.

Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a vulnerability on a third-party server with no connection to a client's internal network is not the same as attacking a cloud-hosted server that could potentially lead to a more interesting compromise, right? Another common example is when performing an internal pentest; our client details the most critical ranges to observe and analyze.