An introduction to Dionach’s Ransomware Readiness Review

With the regularity of Ransomware attacks becoming alarmingly more frequent, within both the public and private sectors, everyone is now sitting up and paying extra attention to information security. Ransomware attacks are not new, the first attack was in 1989....

ShareAudit – The File Share Auditing Tool

In the previous blog post, we have discussed the steps in identifying sensitive information in file shares, as well as file servers with inappropriate access controls configured. It was aimed to provide organisations with a guide on how to perform internal file share...

Printer Server Bug to Domain Administrator

During a recent internal network penetration testing engagement, a number of common attack paths were unavailable as a number of security mechanisms were implemented such as the Local Administrator Password Solution (LAPS) and the prevention of logged on credentials...

Minimising the Risks of Using Flash

Flash is well-known to people within the cyber security industry to have a long history of security of vulnerabilities as well as functionality flaws. Since 2016, most web browsers have disabled Flash to automatically run on sites. In 2017, Adobe has finally gave up...

Compromising Jira Externally to Get Internal Network Access

In a recent external network engagement, which had a fairly large number of external services, I found a Jira login page available on the client’s external network. The login page belonged to a Jira Software service, an issue-tracking system used in project...