Prioritize, Keep Pace, Prevail.

RESEARCH

Our research and development program sets industry standards in cyber security

At Dionach we are proud of our well-established research and development program. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.

TECHNICAL BLOG

CVE-2018-18863 ResourceLink Local File Inclusion

In a recent penetration test ResourceLink version 20.0.2.1 was found to be vulnerable to local file inclusion (LFI). ResourceLink is a payroll web application that allows HR departments to manage payments and employees’ bank account details. LFI allows an attacker to include the contents of another file hosted on the


Combining Issues to Compromise the Domain

Internal penetration tests, as approached by Dionach, are a good exercise to assess the security of the internal networks of our clients. Typically, we spend a few days on-site, starting with a standard low-privileged account – or in many cases with no credentials at all just patching ourselves to the


Overview of iOS 12 Security Features

When deciding whether or not to install iOS 12, many iPhone and iPad users will be primarily concerned with the “flashier” features: Memojis, group FaceTime calls, performance improvements for older devices, and more. However, the recent iOS update also contains a number of security features that deserve some consideration for


Behavioural Analysis of Malware via Network Forensics

Most antivirus systems today use signature-based detection in order to identify given binaries as malware. Malware authors adapting to this with anti-forensic tooling has led to the use of behavioural and heuristic analysis in order to detect and classify malware types. It is possible to identify malware types exclusively from


Sophos UTM Firewall Hardening

Firewalls are used as the main defence for an organisation’s network infrastructure, and are used to prevent unauthorised access to or from the private network. The aim of this article is to provide guidance for network administrators on how to harden Sophos UTM firewalls.


The Onion Routing Network Research

The Tor network is born out of a research project by the Naval Research Laboratory and Defence Advanced Research Projects Agency called Onion Routing. The second generation of this research is referred to as ‘the onion routing’ network. The way in which this network functions is to have layered encryption


Check Point Firewall Hardening

Dionach perform a number of firewall reviews and we often have to interact with different technologies and vendors. Alongside Cisco firewalls, Check Point firewalls are a popular solution used by organisations. This article provides guidance on how to harden Check Point firewalls and how to address the most common security


Malware Anti-Forensics

Some of the forensic countermeasures used by malware authors are described within this blog post. The importance of remaining undetected has led to the continuation of the practice of malware authors advertising their product as Fully UnDetectable (FUD). The following advert is from a cybercriminal marketplace, where ransomware is on


Cisco ASA Firewall Hardening

Introduction: I have conducted numerous firewall reviews for various types of organisations over the years. A common theme observed during these reviews is that most organisations do not have a firewall hardening procedure and/or do not conduct a regular firewall review which covers user accounts, exposed administrative interfaces, patch management
