
RESEARCH

Our research and development program sets industry standards in cyber security

At Dionach we are proud of our well-established research and development program. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.

TECHNICAL BLOG

LinkedIn Password Hashes Breach

6.5 million LinkedIn password hashes breached which raises the fear that many more passwords are likely breached. Many passwords were related to LinkedIn. It’s still early days on the leaking of the 6.5 million LinkedIn password hashes. I’ve looked at the text file, and half of them are indeed SHA-1


Updating OpenDLP to support Oracle Databases for PCI DSS

Updating OpenDLP can support Oracle Databases for the PCI DSS process when looking for credit card numbers and passwords searching Windows or Unix file systems. OpenDLP is an excellent tool for looking for credit card numbers as part of a PCI DSS scoping process, or looking for passwords and other sensitive data


Configuring Metasploit for Client Side Attacks

During a client side test, several areas need to be set up for a successful attack. In this short article I will describe how to configure Metasploit by making use of the features in the latest release (currently 4.1). The client side attack we are considering here is an email with


Virtual Security Management

Virtual Security Management – Virtualisation is amazing for running things simultaneously, on-the-go etc but security problems do come with the positives. First of all, in the interests of fairness, I should point out that I think virtualisation is amazing. I love the idea that my laptop can run several different,


Security is a Process, not a Product

Security is a process, not a product – Strong IT security brands encourage the use of a single commercial product but this is not as secure as a process. It’s not a novelty to say that the market is often regulated by the strong business brand and it is no


Custom Access Control

Custom Access Control – Penetration testers may get distracted by technical issues, thus forgetting that simple logical flaws could be the cause of a security breach. As penetration testers we have a tendency to get caught up in the latest exploit, or the most intricate piece of SQL injection or cross-site scripting,


Reviewing Your Security After Sony, RSA and IMF Breaches

Perhaps it is worthwhile to review your security systems after Sony, RSA and IMF are all breached through either direct penetrations or phishing attacks. The various publicised data and network breaches (or “hacks”) this year seem to fall into two camps. The first camp includes the more straightforward direct penetrations


Vulnerability: Kodak InSite Troubleshooting Cross-Site Scripting

Kodak InSite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. CVE: N/A. Published: Mar 7 2011 08:55AM. Vulnerable: Kodak InSite 5.5.2. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may
