At Dionach we are proud of our well-established research and development program. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.
Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.
As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.
Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.
Four months ago I knew very little when it came to hacking – I had tried to look into it a little before, but had fallen into the traps of just reading about topics and not using the knowledge I had gained, or just knowing the basics about certain vulnerabilities
There’s one thing that I’ve learned from penetration testing, it’s that passwords need to be secure. According to recent research some of the most common passwords include ‘123456’, ‘qwerty’ and even ‘password’. These are very weak and should be avoided at all costs. However, complicated passwords can be hard to remember.
In a recent internal penetration test I came across in a situation where although I was local administrator on a Windows server and I could not run Windows Credentials Editor (WCE) because it was detected as a malicious threat in the McAfee on-access scan, as you can see below: The
Arguably one of the biggest threats that businesses face today is phishing. With a greater understanding of external security, the criminal element is relying on phishing attacks as a method of compromising organisations and bypassing traditional defences. Additionally, phishing attacks are a common way of distributing malware such as ransomware.
At Dionach we often get asked what documentation is required for ISO 27001. Beyond the obvious information security policy, there are quite a few policies and procedures that are required in various sections of the standard. For the most part we find that some requirements are met as part of
I recently performed some forensics on workstation for a client that had been infected with ransomware, which had resulted in a large number of their files being encrypted. This blog post discusses how the compromise took place, and also some thoughts about methods to prevent future compromises. Infection Vector A
I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS
During the last few years, a number of new HTTP headers have been introduced whose purpose is to help enhancing the security of a website. Some of these headers can be very useful protection against certain type of attacks, but their use is not widely spread in some cases. This
How Ransomware Works Ransomware such as CryptoLocker typically gets onto your PC either through a phishing email or a web site hosting malware. Ransomware will either encrypt files, make the computer unusable or make threats, all to extort money to fix the problem. CryptoLocker encrypts documents on the computer, shared