Faction

@factionsecurity.com.bsky.social

Faction is an open-source tool for:
- Automated Pentest Reporting
- Track Vulnerability Remediation
- Collaborate With Your Team
- and more

https://www.factionsecurity.com
#appsec #redteam #securitytools #cybersecurity #infosec #hacking

521 Followers  |  2,849 Following  |  28 Posts  |  Joined: 20.10.2024  |  1.7193

Latest posts by factionsecurity.com on Bluesky

Great views from the level up party last night. #blackhat2025 #blackhat.

07.08.2025 23:54 - 👍 0    🔁 0    💬 0    📌 0

Greetings from BlackHat 2025! If you’re attending this year come check out my talk on OWASP Faction, Thursday at noon - Arsenal station 3! #pentesting #owasp #hacking #blackhat2025 #redteam #appsec

06.08.2025 20:31 - 👍 3    🔁 2    💬 2    📌 0

#BlackHat Arsenal was awesome!!! 🎉🎉🎉🍺🍺🍺 Thanks to all that came to my talk. I forgot to bring stickers with me but will be giving them out at #Defcon. Look for them in the usual spots or DM me.
#owasp #appsec #redteam #pentesting

@factionsecurity.com

07.08.2025 23:49 - 👍 3    🔁 4    💬 0    📌 0

🎉 I'm excited to be presenting Faction at BlackHat Arsenal 2025! 🚀

Come by Thursday Aug 7th 12-12:55 am to see what Faction can do for you and get some STICKERS!!!
#hacking #pentesting #blackhat #BH2025 #appsec

www.blackhat.com/us-25/arsena...

08.07.2025 22:05 - 👍 3    🔁 2    💬 0    📌 0

🎉 Faction 1.6 is Here - Powerful New Features for Open Source and Enterprise Users

Lots of updates that bring major improvements that make #pentest reporting more flexible and tailored to your needs.

docs.factionsecurity.com/blog/2025/07...
#appsec #redteam #opensource #cybersecurity #hacking

08.07.2025 07:37 - 👍 4    🔁 2    💬 0    📌 0
Releases · factionsecurity/faction Pen Test Report Generation and Assessment Collaboration - factionsecurity/faction

🚀 OWASP Faction 1.5.2 is live!
This is a major update with improvements to help you deliver more streamlined and professional assessments.
What’s new?
✅ Checklist Improvements
🔐 SAML Authentication
📝 Better Markdown Handling

github.com/factionsecur...

#AppSec #Cybersecurity #OWASP #redteam

02.06.2025 21:49 - 👍 1    🔁 0    💬 0    📌 0

10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇

12.05.2025 15:01 - 👍 14    🔁 3    💬 1    📌 0

Happy to announce that Faction is now an #OWASP Project!!! 🚀

#appsec #applicationsecurity #pentesting #vulnerability #cybersecurity #redteam #hacking

owasp.org/www-project-...

05.03.2025 15:43 - 👍 5    🔁 2    💬 0    📌 0
Automate Pentest Reports and AppSec Posture Management (ASPM) Automate PenTest Reporting and AppSec Posture Management (ASPM) for penetration testers, red teams, and application security teams.

It’s a new year and time to start the year off right by automating your manual #pentest with Faction. 🎉🍾💥

We got a lot of cool stuff planned for this year! We’ll be releasing more info in the coming months. Stay tuned!

#appsec #redteam #hacking

www.factionsecurity.com

04.01.2025 20:08 - 👍 5    🔁 1    💬 0    📌 0

Happy holidays from us at Faction Security!!! 🎄🤶🎁

Hope you get some downtime so you hack all the things next year!

#cybersecurity

25.12.2024 16:47 - 👍 2    🔁 1    💬 0    📌 0

We just released Faction 1.4! 🚀

If you're currently using Enterprise or Teams versions, then you have already been upgraded 🎉

This release includes bug fixes in pentest report peer reviews and fixes several CVEs.

Find out more: www.factionsecurity.com

#appsec #redteam #hacking #cybersecurity

19.12.2024 17:47 - 👍 3    🔁 1    💬 0    📌 0
Automate PenTest Reports with Boilerplates If you have been doing penetration testing for any length of time, you probably have a personal database of vulnerability descriptions…

We published a blog post on how to automate boilerplate text in your #pentesting reports using the #opensouce security tool, Faction. Check out the link below!

we-are-faction.medium.com/automate-pen...

#appsec #infosec #redteam #pentest #hacking #hacking-tools #security-tools

11.12.2024 06:13 - 👍 9    🔁 1    💬 1    📌 0

I agree, I’ve seen a lot of reports where the severity did not match the complexity of the attack or address compensating controls. If you can’t prove that an outside attacker can gain access to the resource you exploited then it should be rated as a recommendation to improve security posture

08.12.2024 22:03 - 👍 0    🔁 0    💬 0    📌 0
GitHub - Spix0r/fback: This is a useful Python script for generating a target specific wordlist for fuzzing backup files. This is a useful Python script for generating a target specific wordlist for fuzzing backup files. - Spix0r/fback

I've developed a Python tool called Fback that generates wordlists for fuzzing backup files. It takes a JSON-based pattern file and a seed wordlist as input and produces a target-specific wordlist as output. Github: github.com/Spix0r/Fback

#bugbounty #bugbountytools #cybersecurity

07.12.2024 11:18 - 👍 3    🔁 1    💬 0    📌 0

Hey #cybersecurity, we are building opensource tools to help streamline #pentesting assessments. We realize every company is different.

We want to know where your pain points are and what would make your life as a #pentester easier. Reply or DM us your feedback.

#infosec #appsec #redteam

08.12.2024 21:08 - 👍 5    🔁 0    💬 2    📌 0

Slashdot is now on Bluesky!

03.12.2024 00:31 - 👍 182    🔁 41    💬 14    📌 16
DEF CON 32 - SQL Injection Isn't Dead Smuggling Queries at the Protocol Level - Paul Gerste
YouTube video by DEFCONConference

This was one of our favorite talks from #defon32. This is a really clever approach to getting SQL injection at the protocol level.
#appsec #sqlinjection #hacking #applicationsecurity

www.youtube.com/watch?v=Tfg1...

02.12.2024 14:50 - 👍 5    🔁 1    💬 0    📌 0

Happy Thanksgiving for all that celebrate! 🦃

29.11.2024 01:28 - 👍 0    🔁 0    💬 0    📌 0
21st November | Open Source Gardening | Live with Anchore Devs
YouTube video by Anchore

We're 🌟live🌟 in five, working on Open Source. 🌱
Join us with questions, comments & your important Syft & Grype bugs! 🐞
www.youtube.com/watch?v=hCRt...
#sbom #opensource #security

21.11.2024 19:55 - 👍 1    🔁 1    💬 0    📌 0
Building An Appsec Program From Scratch - Mireia Cano
Building an Appsec Program from Scratch In today's digital landscape, application security is crucial for safeguarding sensitive data and maintaining user trust. Without a robust AppSec program, or with one poorly implemented, chaos can ensue, leading to vulnerabilities and breaches. This talk explo

Ready to level up your cybersecurity skills? 💻📈

Mireia Cano teaches us how to build an AppSec program at #WICCON2024!

Level up here: www.youtube.com/watc...

#CyberSecurity #WomenInTech

22.11.2024 12:37 - 👍 8    🔁 3    💬 0    📌 0
How to Automate Pentest Reporting Using Faction Faction is an open-source security assessment collaboration framework designed to streamline and enhance your security workflows. With…

We got a story up on @medium.com! Learn how to create your first #pentest report using Faction:
we-are-faction.medium.com/how-to-autom...

#appsec #redteam #informationsecurity #infosec #pentesting #ethicalhacking

22.11.2024 00:07 - 👍 0    🔁 0    💬 0    📌 0
The Technology the Trump Administration Could Use to Hack Your Phone Other Western democracies have been roiled by the use of spyware to target political opponents, activists, journalists, and other vulnerable groups. Could it happen here?

Must read of the week: Ronan Farrow is looking at how governments (including the US) use spyware tech on individuals, activists, and journalists. www.newyorker.com/news/news-de...

21.11.2024 03:36 - 👍 83    🔁 32    💬 4    📌 4

When building your #pentest reports, do you prefer CVSS scoring, critical/high/med/low, or something else to explain the severity of a finding?

#appsec #infosec #redteam #infosec

20.11.2024 20:15 - 👍 2    🔁 0    💬 1    📌 0
New Ghost Tap attack abuses NFC mobile payments to steal money Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data...

Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide.

www.bleepingcomputer.com/news/securit...

20.11.2024 19:03 - 👍 4    🔁 3    💬 1    📌 0
Bluesky Starter Packs - Bluesky Directory Browse a list of Bluesky Starter Packs. Discover and connect with your community on Bluesky

Try this list. You can find many different starter packs. blueskydirectory.com/starter-pack...

20.11.2024 17:56 - 👍 0    🔁 0    💬 0    📌 0
Starter Packs - Bluesky Directory A curated collection of all things relating to the Blue Sky social media platform.

Here is a searchable list of many different starter packs. A bunch in there for cybersecurity, infosec, and hacking. blueskydirectory.com/starter-packs

20.11.2024 17:51 - 👍 1    🔁 0    💬 1    📌 0
GitHub launches $1.25M open source fund with a focus on security The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today…

GitHub launches $1.25M open source fund with a focus on security

19.11.2024 17:34 - 👍 101    🔁 13    💬 2    📌 1
GitHub - SirAppSec/vuln-node.js-express.js-app: A Very Vulnerable Node.js Express.js Web Application and API. Used for testing Security tools, Application security and penetration testing. Using Swagg... A Very Vulnerable Node.js Express.js Web Application and API. Used for testing Security tools, Application security and penetration testing. Using Swagger, Sqlite, Sequelize. - SirAppSec/vuln-node....

Check out my vulnerable web application, which allows security teams to verify tools, educate developers and hone their skills!

github.com/SirAppSec/vu...

20.11.2024 12:19 - 👍 16    🔁 4    💬 1    📌 0
Spotify abused to promote pirated software and game cheats Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descri...

Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites.
www.bleepingcomputer.com/news/securit...

19.11.2024 14:17 - 👍 3    🔁 1    💬 0    📌 0
