• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Bucharest: +40 316 301 707 
  • Tokyo: +81 (3) 4588 8181 


You are here

By Luca

Check Point Firewall Hardening

Aug 09, 2018

Dionach perform a number of firewall reviews and we often have to interact with different technologies and vendors. Alongside Cisco firewalls, Check Point firewalls are a popular solution used by organisations. Continue reading

By Freddie

Malware Anti-Forensics

Aug 02, 2018

Some of the forensic countermeasures used by malware authors are described within this blog post. Continue reading

By Wouter

Cisco ASA Firewall Hardening

Jul 25, 2018

Introduction I have conducted numerous firewall review for various types of organisations over the years. A common theme observed during these reviews is that most organisations do not have a firewall hardening procedure and/or do not conduct a regular firewall review which covers user accounts, exposed administrative interfaces, patch management and review of firewall rules. This article provides a guide or references other articles for hardening Cisco ASA firewalls and addressing the most common vulnerabilities observed during these firewall reviews. Continue reading

By Luca

Introduction To Red Teaming

Jun 26, 2018

When a company is in the process of proactively improving security posture, there are various services and standards that comes into help. Continue reading

By Valeria

Security Testing - How to Choose the Right Provider

Jun 13, 2018

In our previous blog, we discussed the rising importance of security testing, and in particular red teaming, to mitigate the plethora of risks associated with managing your data in today’s digital world. Continue reading

By Valeria

Cyber Security – Are You Seeing Red?

Jun 11, 2018

        Based on our experience over the last year, companies large and small are ramping up their security testing measures – and this comes as no surprise given the scale of the threats facing businesses in the digital era. Continue reading

By Antonio

Fun with SQL Injection using Unicode Smuggling

May 02, 2018

During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. Continue reading

By Guy

What is the difference between ISO 27001 and ISO 27002?

Apr 25, 2018

In short, ISO 27001 is the standard for implementing an Information Security Management System (ISMS) that companies are certified against. Continue reading

By Nick

OWASP Top 10 2017 Final Release Review

Apr 19, 2018

Back in May 2017, I reviewed the release candidate (RC1) version of OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which as stated within the previous blog entry, has been eventually rejected. Continue reading

By Robin

Active Directory Password Auditing Part 2 - Cracking the Hashes

Mar 20, 2018

In part 1 we looked how to dump the password hashes from a Domain Controller using NtdsAudit. Continue reading