Research

Our research and development programme sets industry standards in cyber security

At Dionach we are proud of our well-established research and development programme. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.

Technical blog

Phoenix Contact AXC F 2152 Denial of Service Vulnerability

Author: Oliver Carrigan – OT Security Consultant Introduction The Phoenix Contact AXC F 2152 is a Linux based industrial controller used within harsh industrial environments to control industrial processes such as manufacturing lines and building management systems....

read more

Spoofing Microsoft Outlook Contact

Author: Mike Manzotti – Senior Consultant
As part of a red team assessment, I discovered a bug affecting the latest version of Microsoft Outlook for Microsoft 365 (which was version 16.0.13801.20240 32 bit and 64-bit at the time of the discovery).

read more

An introduction to Dionach’s Ransomware Readiness Review

With the regularity of Ransomware attacks becoming alarmingly more frequent, within both the public and private sectors, everyone is now sitting up and paying extra attention to information security. Ransomware attacks are not new, the first attack was in 1989....

read more

Multiple Vulnerabilities in Vivotek Camera

Author: Mike Manzotti – Senior Consultant
In a recent security engagement Vivotek Camera IT9388-HT (firmware version: 0100p) was found to be vulnerable to arbitrary file download (CVE-2020-11949) and remote command execution (CVE-2020-11950).

read more

COVID-19 Cyber Security Challenges

Author: Raymond Rizk – Senior Consultant
Implications for information security due to the COVID-19 global pandemic including recommendations of actions to improve security challenges.

read more

Insecure Mobile Apps Can Lead to AWS Account Compromise

Author: Mike Manzotti – Senior Consultant
Nowadays the number mobile apps available on market stores such as Google Play or Apple’s App Store are constantly increasing. This fast-paced industry does not always consider cyber security a priority, especially when deadlines are tight, and often it is an afterthought.

In this blog I will guide you through part of a mobile app penetration test that allowed me to fully compromise an AWS account, which amongst other assets, included a WordPress website hosted on a EC2 instance.

read more