Prioritize, Keep Pace, Prevail.

RESEARCH

Our research and development program sets industry standards in cyber security

At Dionach we are proud of our well-established research and development program. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.

Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.

As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.

Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.

TECHNICAL BLOG

The Risk of Data Recovery from Damaged Drives

One of the biggest risks with selling used or second-hand computers is the chance the new owner will be able to recover usable information from the hard drive. Over the years, a large number of different people and companies have demonstrated that used computers are frequently sold without having been

Read More »
8th September 2016

Android Binary Protection Methods

The majority of Android applications we test, even critical apps, do not prevent an attacker from successfully analysing, reverse engineering or modifying the app’s binary code. Most Android apps can easily be decompiled into readable source code that resembles the original. What can an attacker potentially do with an application’s

Read More »
3rd August 2016

The Real Impact of Cross-Site Scripting

Cross-site scripting (XSS) is probably the most prevalent high risk web application vulnerability nowadays, and yet it is still one of the most overlooked by developers and defenders alike.  At Dionach we have experienced a few situations when reporting XSS in penetration test reports as a critical or high risk

Read More »
29th July 2016

Throwback Threat: Macro Malware

Macro malware has been on the rise over the past couple of years, but unlike the 90s, the authors now include sophisticated threat actors working on behalf of  organised crime syndicates and nation state entities; something which makes this throwback threat all the more serious the second time round. This post details this issue and what can be done to help combat it. 

Read More »
25th April 2016

LogMeIn Rescue Unattended Service Privilege Escalation

LogMeIn Rescue is a well-known and widely used remote access tool, primarily designed for IT staff to provide end users with support. A typical LogMeIn Rescue session will look something like this: A user calls the support technician with a problem. The technician sends the user a link, which lets

Read More »
5th January 2016

From 0 to 100: Innocuous Source Code to Web Server Compromise

Antonio Sánchez, Lead Consultant In a recent web application penetration test I was challenged with figuring out how to fully compromise a client’s website. The site was using the latest version of WordPress, and although they had a few plugins installed, they seemed to be patched as well. However, I

Read More »
23rd December 2015

Combining Operational & Cyber Risk Management

Rona Young, Head of Global Marketing & Communications I recently joined Dionach, an independent information security consultancy, after spending most of my career managing crisis communications (reputation protection) and marketing operational risk management services within HSE consultancies. Rising to the challenge of learning a new industry, its services and methods 

Read More »
16th November 2015