At Dionach we are proud of our well-established research and development program. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.
Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.
As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.
Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.
For many small and medium size organisations it can be a difficult to know where to start with PCI DSS. There is quite a lot of PCI DSS documentation to get your head around, and some of the terminology is difficult to understand initially. Furthermore, your bank (or acquirer) may
Once you get domain administrator during an internal penetration test, it is a common practice to gather as much information as possible including clear text credentials, password hashes, tokens and so on in order to compromise the network further. An example of these are the Microsoft SQL (MS SQL) Server
Recently I spent a little time trying to integrate Hydra (THC-Hydra) into Nessus. I thought to share this so you might save a bit of time if you are trying to achieve the same thing. I have been told by the Nessus support team that if you have installed the
Hacking in the movies happens at breakneck speed. Someone needs access to some database or internal system hosting confidential data and the “genius coder” will fly their fingers across the keyboard before seconds later dropping the painfully trite and clichéd line “I’m in”. Hacking in real-life, whether performed during a
Umbraco CMS <= 7.2.1 is vulnerable to local file inclusion (LFI) in the ClientDependency package included in a default installation. Whether this vulnerability is exploitable depends on a number of configuration options, and on the exact version of Umbraco installed. The ClientDependency package, used by Umbraco, exposes the “DependencyHandler.axd” file
Using a complex and unique password for each login is obviously important, however this can cause remembering all of your passwords to become very difficult and often leads to a compromise on password quality, as well as repeated uses of the same password. Using passwords that are uncommon but easily
While doing a regular web application penetration test for one of our clients, I found a reflected cross site scripting in a very popular application, CKEditor, and more precisely in the module that this application has for Drupal. It was sort of curious, because the vulnerable page was actually the
The administration service web pages on the Brother MFC-J4410DW model printer are vulnerable to reflected cross-site scripting through the “url” querystring parameter. This allows a user’s session to be hijacked or allows an attacker to take control of the user’s browser. For cross-site scripting to be exploited by an attacker,
This post will be on the topic of exploitable testing platforms for learning how to conduct a penetration test. I will take you through a few programs I have used and give a bit of information about each and explain how they will help you increase your penetration testing skills.