Research

Our research and development programme sets industry standards in cyber security

At Dionach we are proud of our well-established research and development programme. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.

Technical blog

Changes in the ISO 27001:2022 Revision

Overview
The new version of the ISO 27001:2022 standard was released in October 2022, following the release of the revised ISO 27002:2022 guidance in February 2022. Organisations have 3 years to transition from ISO 27001:2013 to...

Changes to Self-Assessment Questionnaires for PCI DSS 4

PCI DSS v4.0 introduced some changes to each of the self-assessment questionnaires (SAQs). There is no change to the list of self-assessment questionnaires, and they have broadly the same eligibility criteria. Below is a summary table showing the SAQs and the number...

How to Conduct a Risk Assessment

Risk management is at the heart of information security and should be at the forefront of an organisation’s information security program. The term risk management covers all the activities associated with identifying, quantifying, and addressing the risks...

Simple 2FA Moodle Plugin: From 2FA Bypass to Account Takeover

Author: Flaviu Popescu – Technical Consultant
Introduction
There are times as a penetration tester that you find something unique. It may not be unique in the field of cyber security but unique to the tester themselves. This was one of those times. During testing on a...

Phoenix Contact AXC F 2152 Denial of Service Vulnerability

Author: Oliver Carrigan – OT Security Consultant
Introduction
The Phoenix Contact AXC F 2152 is a Linux-based industrial controller used within harsh industrial environments to control industrial processes such as manufacturing lines and building management systems. The...

Spoofing Microsoft Outlook Contact

Author: Mike Manzotti – Senior Consultant
As part of a red team assessment, I discovered a bug affecting the latest version of Microsoft Outlook for Microsoft 365 (which was version 16.0.13801.20240, 32-bit and 64-bit, at the time of the discovery).

Multiple Vulnerabilities in Vivotek Camera

Author: Mike Manzotti – Senior Consultant
In a recent security engagement, the Vivotek Camera IT9388-HT (firmware version: 0100p) was found to be vulnerable to arbitrary file download (CVE-2020-11949) and remote command execution (CVE-2020-11950).
