Much as they may wish to do otherwise, organisations may need to install the Java Runtime Environment (JRE) so users have the Java Plugin they need for required web-sites, and/or run installed Java applications provided as JAR files. However, the vulnerabilities of JRE are well known and documented, as shown below, so meeting this requirement […]
Category: researchblog
CVE-2018-18863 ResourceLink Local File Inclusion
In a recent penetration test ResourceLink version 20.0.2.1 was found to be vulnerable to local file inclusion (LFI). ResourceLink is a payroll web application that allows HR departments to manage payments and employees’ bank account details. LFI allows an attacker to include the contents of another file hosted on the web server, within a web […]
Combining Issues to Compromise the Domain
Internal penetration tests, as approached by Dionach, are a good exercise to assess the security of the internal networks of our clients. Typically, we spend a few days on-site, starting with a standard low-privileged account – or in many cases with no credentials at all just patching ourselves to the network – and working our […]
Overview of iOS 12 Security Features
When deciding whether or not to install iOS 12, many iPhone and iPad users will be primarily concerned with the “flashier” features: Memojis, group FaceTime calls, performance improvements for older devices, and more. However, the recent iOS update also contains a number of security features that deserve some consideration for those concerned about protecting the […]
Behavioural Analysis of Malware via Network Forensics
Most antivirus systems today use signature-based detection in order to identify given binaries as malware. Malware authors adapting to this with anti-forensic tooling has lead to the use of behavioural and heuristic analysis in order to detect and classify malware types. It is possible to identify malware types exclusively from analysing the network behavioural patterns […]
Sophos UTM Firewall Hardening
Firewalls are used as the main defence for an organisation’s network infrastructure, and are used to prevent unauthorised access to or from the private network. The aim of this article is to provide guidance for network administrators on how to harden Sophos UTM firewalls.
The Onion Routing Network Research
The Tor network is borne out of a research project by the Naval Research Laboratory and Defence Advanced Research Projects Agency called Onion Routing. The second generation of this research is referred to as ‘the onion routing’ network. The way in which this network functions is to have layered encryption and routing via a route […]
Check Point Firewall Hardening
Dionach perform a number of firewall reviews and we often have to interact with different technologies and vendors. Alongside Cisco firewalls, Check Point firewalls are a popular solution used by organisations. This article provides guidance on how to harden Check Point firewalls and how to address the most common security issues. Please note that the […]
Malware Anti-Forensics
Some of the forensic countermeasures used by malware authors are described within this blog post. The importance of remaining undetected has led to the continuation of the practice of malware authors advertising their product as Fully UnDetectable (FUD). The following advert is from a cybercriminal marketplace, where ransomware is on sale, this variant, Stampado, being advertised […]
Cisco ASA Firewall Hardening
Introduction I have conducted numerous firewall review for various types of organisations over the years. A common theme observed during these reviews is that most organisations do not have a firewall hardening procedure and/or do not conduct a regular firewall review which covers user accounts, exposed administrative interfaces, patch management and review of firewall rules. […]